Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related news

1. Hacker Tools For Windows
2. Hack Tool Apk No Root
3. Hacker Tools List
4. Hacking Tools For Games
5. Hack Tools For Mac
6. Hacker
7. Hack Rom Tools
8. Hacker Search Tools
9. Hacker Tools Online
10. Hacker Tool Kit
11. How To Hack
12. New Hacker Tools
13. Pentest Automation Tools
14. Github Hacking Tools
15. Hacking Tools Usb
16. Hack Tools For Pc
17. Hack Tools Pc
18. Hack Website Online Tool
19. Pentest Tools
20. Pentest Box Tools Download
21. Hacking App
22. Hacking Tools Free Download
23. How To Install Pentest Tools In Ubuntu
24. Hacker Tools Free
25. Hacking Tools For Kali Linux
26. New Hack Tools
27. Hacker
28. Hacker Security Tools
29. Underground Hacker Sites
30. Blackhat Hacker Tools
31. Hacking App
32. World No 1 Hacker Software
33. Pentest Reporting Tools
34. Pentest Tools For Ubuntu
35. Hacker Tools Apk Download
36. Hacking Tools Windows 10
37. Hak5 Tools
38. Hacker Tools For Pc
39. Hacking Tools For Kali Linux
40. Hacker Tools Apk Download
41. Pentest Tools Download
42. New Hack Tools
43. Pentest Tools List
44. Pentest Tools Website
45. Hacking Tools Download
46. Pentest Tools Bluekeep
47. Hacking Tools Online
48. What Are Hacking Tools
49. Hacker Tools Hardware
50. Pentest Tools Android
51. Pentest Tools Bluekeep
52. Hacker Security Tools
53. Hacking Tools For Windows Free Download
54. Hack Tools 2019
55. Pentest Tools Windows
56. Hack Tools For Mac
57. Hack Tools Online
58. Hack Tools
59. Hacking Tools Online
60. What Are Hacking Tools
61. Hack Tools For Windows
62. Best Pentesting Tools 2018
63. New Hack Tools
64. Hack Rom Tools
65. Hacker Tools 2019
66. Hacker Tools For Ios
67. Pentest Tools For Ubuntu
68. Nsa Hacker Tools
69. Game Hacking
70. Hacking Tools
71. Hack Tools Online
72. Tools 4 Hack
73. Pentest Tools Nmap
74. Pentest Tools Android
75. Github Hacking Tools
76. How To Install Pentest Tools In Ubuntu
77. Hack Rom Tools
78. Hacking Tools For Windows 7
79. Hacker Tools 2020
80. Hacker Tools Free Download
81. Hacker Hardware Tools
82. World No 1 Hacker Software
83. Hacking Tools
84. Pentest Box Tools Download
85. Pentest Tools Framework
86. Usb Pentest Tools
87. Pentest Tools Kali Linux
88. Underground Hacker Sites
89. Hack App
90. Tools 4 Hack
91. Hack Tools For Ubuntu
92. Wifi Hacker Tools For Windows
93. Hacker Search Tools
94. Pentest Box Tools Download
95. What Is Hacking Tools
96. Underground Hacker Sites
97. Pentest Tools Free
98. Hacking Tools Hardware
99. Pentest Automation Tools
100. Wifi Hacker Tools For Windows
101. Hacking Tools And Software
102. Hacking Tools Pc
103. Hacking Tools 2020
104. Hack Tools For Ubuntu
105. Android Hack Tools Github
106. Pentest Recon Tools
107. Hacking Tools For Pc
108. Termux Hacking Tools 2019
109. Hacking Tools Name
110. Pentest Tools Find Subdomains
111. Hacking Tools
112. Hacking Tools Pc
113. Pentest Tools Free
114. Hacker Tools For Pc
115. Hacking Tools For Mac
116. Hacker Tools Apk Download
117. Hacker Techniques Tools And Incident Handling
118. Hacker Tools For Pc
119. Blackhat Hacker Tools
120. Pentest Tools For Ubuntu
121. Tools Used For Hacking
122. Pentest Tools Android
123. Hack Tools For Pc
124. Hacker Tools Windows
125. Termux Hacking Tools 2019
126. Tools 4 Hack
127. Hacking Tools Name
128. Pentest Tools Windows
129. Hack Tool Apk No Root
130. Hacking App
131. Pentest Tools Nmap
132. Hacking Tools Download
133. Usb Pentest Tools
134. Hacking Tools Kit
135. Bluetooth Hacking Tools Kali
136. Hacking Tools Online
137. Pentest Tools List
138. Hack Tool Apk No Root
139. Hacker Tools For Ios
140. Hacking Tools For Windows Free Download
141. Pentest Tools Online
142. Hacker Tools For Mac
143. Hacking Tools Windows
144. Game Hacking
145. Hacker Security Tools
146. Pentest Tools
147. Hack App
148. Hacking Tools Github
149. Pentest Tools Download
150. Hacker Tools For Pc
151. Hack Tools For Mac
152. Pentest Tools Nmap
153. Hacking Tools And Software
154. Underground Hacker Sites
155. Nsa Hacker Tools
156. Pentest Tools For Ubuntu
157. Beginner Hacker Tools
158. Hack Tools
159. Pentest Tools Online
160. Kik Hack Tools
161. Hacking Tools Github
162. Hacking Tools Usb
163. Pentest Tools List
164. Hacker Tools Windows
165. Tools For Hacker
166. Pentest Tools Website