Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations
A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
More info
- Wifi Hacker Tools For Windows
- Hacks And Tools
- Pentest Tools Linux
- Hacker Tools For Mac
- Best Pentesting Tools 2018
- Hacker Tools Software
- Install Pentest Tools Ubuntu
- Pentest Box Tools Download
- Game Hacking
- Top Pentest Tools
- Physical Pentest Tools
- New Hacker Tools
- Hacking Tools Hardware
- Pentest Tools
- Hacking Tools Online
- Easy Hack Tools
- Pentest Tools Bluekeep
- Hack Tools For Ubuntu
- Hacker Tools Free Download
- Hacking Tools Hardware
- Wifi Hacker Tools For Windows
- Hacking Tools Usb
- Pentest Tools Tcp Port Scanner
- Blackhat Hacker Tools
- Hacker Tools Apk Download
- Hacker Techniques Tools And Incident Handling
- Hacking Tools Windows
- Ethical Hacker Tools
- Beginner Hacker Tools
- Hack Apps
- Hacker Security Tools
- Pentest Tools Linux
- Nsa Hack Tools Download
- Growth Hacker Tools
- Pentest Tools Review
- Hacking Tools For Games
- Hack Tools Pc
- Nsa Hacker Tools
- Bluetooth Hacking Tools Kali
- Best Pentesting Tools 2018
- Pentest Tools Android
- Hacker Tool Kit
- Pentest Tools Open Source
- Hacking Apps
- Hack Apps
- Hacking Tools For Windows
- Pentest Tools For Windows
- Hacker Tools Software
- Hacker Tools List
- Hacker Tools Online
- Hacking Tools For Beginners
- Hack Tool Apk
- Install Pentest Tools Ubuntu
- Hacker Tools For Pc
- Pentest Tools Bluekeep
- Free Pentest Tools For Windows
- Hacking Tools For Beginners
- Hack Tools Github
- Hacking Tools Pc
- Hacking Tools Windows 10
- Pentest Tools Url Fuzzer
- Pentest Box Tools Download
- Easy Hack Tools
- Hack Tools Github
- Hacking Tools For Mac
- Hack Apps
- Hacking Tools For Mac
- Pentest Box Tools Download
- Hacker Security Tools
- Hacker Tools Free Download
- Pentest Tools Port Scanner
- Hacker Search Tools
- Hack Tools Download
- Hacks And Tools
- Hack Tools Github
- Hacker Tools Mac
- Hacking Tools Usb
- Hacking Tools For Pc
- Hacking Tools
- Hacking Tools Kit
- Hacker Tools 2020
- Hack Apps
- Hacking Apps
- Hacker Security Tools
- Hacker Tools Software
- Hacking Tools For Games
- Pentest Tools Website Vulnerability
- Hack Tools For Games
- Hacker Tools For Ios
- Hacking Tools Usb
- Hacker Security Tools
- Pentest Tools Subdomain
- Usb Pentest Tools
- Pentest Tools Alternative
- Pentest Tools List
- Free Pentest Tools For Windows
- Hacker Tools Github
- Hacking Tools 2019
- Game Hacking
- Hack Tools For Mac
- How To Make Hacking Tools
- Growth Hacker Tools
- Hacker Tools Apk Download
- Pentest Tools Linux
- Hacking Tools 2019
- Hak5 Tools
- Pentest Tools Kali Linux
- Hack Tools For Ubuntu
- How To Hack
- New Hack Tools
- Pentest Reporting Tools
- Pentest Tools Online
- Pentest Tools Framework
- Pentest Tools List
- Hacking Tools Windows 10
- Hack Tool Apk
- Pentest Recon Tools
- What Are Hacking Tools
- Hack Rom Tools
- Hacking Tools For Windows Free Download
- What Is Hacking Tools
- Hacker Tools Online
- Hack Tools Download
- Pentest Tools Alternative
- Pentest Tools Linux
- Hacking Tools Hardware
- Usb Pentest Tools
- Hak5 Tools
- Hack Tools Online
- Hacker Tools List
- Hacks And Tools
- Hacking Tools Pc
- Computer Hacker
- Hacking Tools For Pc
- Pentest Box Tools Download
- Hackers Toolbox
- Pentest Tools Website
- Pentest Tools Url Fuzzer
- Pentest Tools For Android
- Hack Tools For Windows
- Hack Tools Github
- Hacking Tools For Windows 7
- Hacker Tools Mac
- Usb Pentest Tools
- How To Install Pentest Tools In Ubuntu
- Hack Tools Mac
- Hacker Tools Windows
- Pentest Tools Framework
- Pentest Tools For Windows
- Hacker Techniques Tools And Incident Handling
- Hack Tools
- Free Pentest Tools For Windows
- Hacker Tools Apk Download
- Blackhat Hacker Tools
- Android Hack Tools Github
- Game Hacking
- Tools 4 Hack
- Hacking Tools For Mac
- Pentest Tools List
- Pentest Tools Framework
- Nsa Hacker Tools
- Hacking Tools Pc
- Pentest Tools
- Hacker Tools Windows
- Hacking Tools
- Pentest Tools
- Pentest Tools Website
- Kik Hack Tools
- Install Pentest Tools Ubuntu
- Hack Tools
- Hacker Tools Windows
- New Hacker Tools
- Termux Hacking Tools 2019
- Hacking Tools For Windows 7
- Hacking Tools For Kali Linux
- Hack Tools For Mac
- What Is Hacking Tools
0 Commenti:
Posta un commento
Iscriviti a Commenti sul post [Atom]
<< Home page