A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related news
- Nsa Hacker Tools
- Underground Hacker Sites
- Pentest Tools Find Subdomains
- Hack Tools For Games
- Hacking Tools Free Download
- Hacker Tools Apk Download
- Pentest Tools Open Source
- Pentest Tools For Android
- Kik Hack Tools
- Hacking Tools For Pc
- Hacker
- Hacking Tools Pc
- Blackhat Hacker Tools
- Pentest Box Tools Download
- Ethical Hacker Tools
- Hacking Tools Online
- Hacker Tools For Mac
- Hacking Tools Hardware
- Hacking Tools Free Download
- Hacker Tools Free
- Pentest Tools Url Fuzzer
- Hack Tools 2019
- Hacks And Tools
- Hacking Tools For Windows Free Download
- Hacking Tools And Software
- Pentest Tools Linux
- Pentest Tools Android
- Pentest Tools List
- Pentest Tools Port Scanner
- Install Pentest Tools Ubuntu
- Blackhat Hacker Tools
- Bluetooth Hacking Tools Kali
- Hacker Tool Kit
- Hacking Tools For Windows
- Hacking App
- Top Pentest Tools
- Pentest Tools Open Source
- Hacking Tools For Mac
- Kik Hack Tools
- Hacker Tools Free Download
- Nsa Hacker Tools
- Ethical Hacker Tools
- Blackhat Hacker Tools
- Hacking Tools For Windows Free Download
- Hack Tools For Mac
- Pentest Tools Url Fuzzer
- Hacking Tools Software
- Hack App
- Hacker Tools 2019
- Hacking Tools Mac
- Pentest Tools Find Subdomains
- Top Pentest Tools
- World No 1 Hacker Software
- Hacker Tools For Mac
- Hacking Tools Windows
- Hacker Tools For Mac
- Pentest Tools Port Scanner
- Underground Hacker Sites
- Hacking Tools Name
- Hacking Tools Mac
- Hack Tools Pc
- Hack Tools Online
- Tools 4 Hack
- Wifi Hacker Tools For Windows
- Hacker
- Pentest Tools Website Vulnerability
Aucun commentaire:
Enregistrer un commentaire