Sunday, January 28, 2024

Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 


A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability exists only if widgets such as dynamic gallery and product gallery, which use the vulnerable function, are in use. The result is local file inclusion, an attack technique in which a web application is tricked into exposing or running arbitrary files on the web server.

The flaw impacts all versions of the addon from 5.0.4 and below, and researcher Wai Yan Myo Thet is credited with discovering it. Following responsible disclosure, the security hole was finally plugged in version 5.0.5, released on January 28, "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
