Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related links

1. Hacker Tools
2. Tools Used For Hacking
3. Hacking Tools Usb
4. Hacker Tools For Mac
5. Hacking Apps
6. Pentest Tools Online
7. Beginner Hacker Tools
8. New Hacker Tools
9. Pentest Tools
10. Hacker Tools 2019
11. Usb Pentest Tools
12. Pentest Tools Kali Linux
13. New Hack Tools
14. Pentest Tools Kali Linux
15. Pentest Tools Bluekeep
16. Hacking Tools Pc
17. How To Hack
18. Blackhat Hacker Tools
19. Tools For Hacker
20. Hacking Tools Free Download
21. Hacking Tools Name
22. Underground Hacker Sites
23. Hak5 Tools
24. Top Pentest Tools
25. Hacker Tools Apk
26. Pentest Tools Download
27. Android Hack Tools Github
28. How To Make Hacking Tools
29. Pentest Tools Review
30. Pentest Tools Free
31. Hacking Tools For Windows Free Download
32. Hacking Tools Windows
33. Install Pentest Tools Ubuntu
34. Hacking Tools For Kali Linux
35. Computer Hacker
36. Pentest Tools Alternative
37. Hack Tools For Pc
38. Hack Tools For Mac
39. Hacks And Tools
40. Hacker Tools Hardware
41. Hacker Tools Apk Download
42. Hacking Tools For Mac
43. Pentest Tools Online
44. Pentest Automation Tools
45. Hack Tools 2019
46. Top Pentest Tools
47. Android Hack Tools Github
48. Kik Hack Tools
49. Hacker Tools Apk Download
50. Pentest Tools Port Scanner
51. Hacking Tools Usb
52. Hacking Tools
53. Pentest Tools Url Fuzzer
54. Pentest Tools Framework
55. Pentest Tools For Ubuntu
56. What Are Hacking Tools
57. Hacking App
58. Hacking Tools 2020
59. Hacking Tools Mac
60. Pentest Tools Framework
61. How To Hack
62. Hacker Tools Software
63. Hack Tools Mac
64. Hack Tools
65. What Are Hacking Tools
66. Wifi Hacker Tools For Windows
67. Black Hat Hacker Tools
68. Hacker Hardware Tools
69. Pentest Tools Open Source
70. Hacking Apps
71. Pentest Tools Website Vulnerability
72. Hacking Tools For Pc
73. Hack Tools Github
74. Hacking Tools Online
75. Hacking Tools For Windows 7
76. Hack App
77. Hacker Tools Software
78. Hacker Security Tools
79. What Is Hacking Tools
80. Hacker Tools For Windows
81. Hacker Tools Online
82. Pentest Tools Framework
83. Physical Pentest Tools
84. Hack Tools Github
85. Hacking Tools Free Download
86. Pentest Tools Online
87. Termux Hacking Tools 2019
88. Pentest Tools Github
89. Hack Tools Github
90. Hack Tools For Games
91. Hack Tools For Mac
92. Tools Used For Hacking
93. Hacker Hardware Tools