Sunday, May 28, 2023

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability is only present when widgets such as dynamic gallery and product gallery, which use the vulnerable function, are in use. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
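To illustrate the class of bug described above from the defender's side, here is an added example (not code from the plugin or from Patchstack's report) of a template loader that refuses request-supplied names unless they are allowlisted and resolve inside the template directory. The function name `resolve_widget_template()`, the directory and the allowlist are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: resolve_widget_template(), the template
// directory and the allowlist are constructed for this example.

// Weak pattern behind local file inclusion: a request value reaches include.
//   include $baseDir . '/' . $_POST['template'] . '.php';

/**
 * Map a request-supplied template name to a file that is safe to include.
 * Returns the absolute path, or null when the name must be rejected.
 */
function resolve_widget_template(string $baseDir, string $name, array $allowed): ?string
{
    // 1. Allowlist: only template names the widget ships are accepted.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise (resolves "..", symlinks) and require an existing file.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must still live under the base dir.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory with one real template.
$dir = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/grid.php', "<?php echo 'grid';\n");

$allowed = ['grid', 'list'];
// 'grid' is valid; '../outside' and 'grid.php' fail the allowlist;
// 'list' is allowlisted but has no file on disk, so realpath() rejects it.
foreach (['grid', '../outside', 'list', 'grid.php'] as $input) {
    $resolved = resolve_widget_template($dir, $input, $allowed);
    printf("%-12s => %s\n", $input, $resolved === null ? 'rejected' : 'include ' . $resolved);
}

unlink($dir . '/grid.php');
rmdir($dir);
```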

The flaw impacts version 5.0.4 and below of the addon. Researcher Wai Yan Myo Thet is credited with discovering the vulnerability. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
