A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets such as dynamic gallery and product gallery, which use the vulnerable function, are in use. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28 "after several insufficient patches."
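A defender's check for the affected version range, as an added example that is not from Patchstack or the plugin's developers: it reads the standard WordPress plugin header from each plugin's PHP files and flags copies older than 5.0.5. The header text matched for `Plugin Name` and the folder names in the constructed sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (5, 0, 5)                            # first fixed release, per the article
TARGET = "essential addons for elementor"    # assumed "Plugin Name" header text
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """'5.0.4' -> (5, 0, 4); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def read_header(php_file):
    """Read the WordPress plugin header fields from the first 8 KiB of a file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    # reversed() so the first occurrence of each field wins
    return {k.lower(): v for k, v in reversed(HEADER.findall(head))}

def audit(plugins_dir):
    """Return (folder, version, status) for every copy of the plugin found."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php_file)
        if TARGET not in header.get("plugin name", "").lower():
            continue
        parsed = parse_version(header.get("version", ""))
        status = "unknown" if not parsed else "vulnerable" if parsed < FIXED else "patched"
        findings.append((php_file.parent.name, header.get("version", ""), status))
    return findings

def demo():
    """Build a constructed plugins tree (folder names are made up) and audit it."""
    samples = {"site-a": "5.0.4", "site-b": "5.0.5", "site-c": "5.1", "other": "1.0"}
    with tempfile.TemporaryDirectory() as tmp:
        for folder, version in samples.items():
            name = "Some Other Plugin" if folder == "other" else "Essential Addons for Elementor"
            d = Path(tmp, folder)
            d.mkdir()
            d.joinpath("main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(tmp)

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

A "vulnerable" result means the installed version is in the affected range; per the article, exposure also depends on the gallery widgets being in use.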
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.