A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Continue reading
- Pentest Tools
- Install Pentest Tools Ubuntu
- Pentest Automation Tools
- Pentest Tools Url Fuzzer
- Pentest Tools Android
- Pentest Tools Github
- Hacking Tools 2020
- Ethical Hacker Tools
- Hacker Tools 2019
- Hacker Tools Free
- Hack Tools For Games
- Hacking Tools Mac
- Hack Rom Tools
- Hacker Tools Apk Download
- Physical Pentest Tools
- Hack Tools Mac
- Hacking Tools For Games
- Hack Tools Mac
- Hacker Tools 2019
- Hack Rom Tools
- Hack Apps
- Hacker Search Tools
- Hacking Tools Hardware
- Pentest Tools For Android
- Hacking Tools Usb
- Hacking Tools Windows 10
- Pentest Reporting Tools
- Hack Tools
- New Hacker Tools
- Nsa Hack Tools Download
- Hacking Tools Github
- Hacker Tools Windows
- Pentest Tools Port Scanner
- Black Hat Hacker Tools
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Apk
- Hacker Tools For Windows
- Pentest Tools Linux
- Hack Tool Apk
- Hack Tool Apk
- Pentest Tools Find Subdomains
- Hacker Tools 2019
- Pentest Tools Review
- Wifi Hacker Tools For Windows
- Black Hat Hacker Tools
- Hak5 Tools
- Pentest Tools Bluekeep
- Pentest Tools Kali Linux
- Pentest Tools Subdomain
- Underground Hacker Sites
- Hacking Tools Usb
- Hacking Tools 2019
- Pentest Tools For Windows
- Pentest Tools Url Fuzzer
- Pentest Box Tools Download
- Hacker Tool Kit
- Pentest Tools Bluekeep
- Hack Tools Mac
- Hackrf Tools
- Hack App
- Hack Tools
- Hacking Tools For Windows Free Download
- Hacking Tools Kit
- Pentest Tools Linux
- Tools Used For Hacking
- Hack Tools Mac
- Best Hacking Tools 2020
- Hacker
- Pentest Tools Github
- Pentest Tools Port Scanner
- Hacking Tools Windows 10
- Hacker Search Tools
- Pentest Reporting Tools
- Hacking Tools
- Hack Tools For Pc
- Pentest Tools Url Fuzzer
- Best Pentesting Tools 2018
- Hacker Tools Apk Download
- Pentest Tools Website Vulnerability
- Hacker Tools Windows
- Nsa Hacker Tools
- Hack Tools Pc
- Hacking Tools For Windows 7
- Hacker
- Hacker Tools 2019
- Hack Tools Pc
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου