Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

More articles

• Hacker Tools For Windows
• Hacking Tools For Games
• Hacking Tools Pc
• Pentest Tools Open Source
• Pentest Automation Tools
• Pentest Tools
• Github Hacking Tools
• Hacker Tools Apk Download
• Hacking Tools Free Download
• Nsa Hacker Tools
• Github Hacking Tools
• Hacking Tools For Windows Free Download
• Hacker Tools Online
• Android Hack Tools Github
• Hacking Tools Windows
• Usb Pentest Tools
• Wifi Hacker Tools For Windows
• Hacking Tools For Kali Linux
• New Hack Tools
• Hacking Tools 2019
• Pentest Tools Alternative
• How To Hack
• Kik Hack Tools
• Physical Pentest Tools
• Hacker Tools For Windows
• Bluetooth Hacking Tools Kali
• Hack Tools Github
• Pentest Tools Android
• Hacking Tools Github
• Free Pentest Tools For Windows
• Pentest Tools Website
• Tools Used For Hacking
• Hack Tools For Games
• Tools Used For Hacking
• Hack Tools
• Hack Tools For Mac
• Pentest Tools Url Fuzzer
• Pentest Tools Android
• Pentest Tools For Windows
• Hacking Tools Name
• Best Hacking Tools 2020
• Hacks And Tools
• Hacking Tools Free Download
• Hack Tools Online
• Hacker Tools Github
• Beginner Hacker Tools
• Hacker Techniques Tools And Incident Handling
• Nsa Hack Tools Download
• Hack Tools For Windows
• Blackhat Hacker Tools
• Pentest Tools Apk
• Physical Pentest Tools
• Pentest Tools Open Source
• Nsa Hack Tools
• Hack Tools Online
• Pentest Tools For Ubuntu
• Pentest Tools For Ubuntu
• Physical Pentest Tools
• Hacking Tools Name
• Hacking Tools Github
• Hacking Tools Github
• Hacker
• Hacking Tools Kit
• Best Hacking Tools 2019
• Underground Hacker Sites
• Termux Hacking Tools 2019
• Pentest Tools List
• Pentest Tools Website
• Pentest Tools Kali Linux
• Tools For Hacker
• Pentest Tools Find Subdomains
• Pentest Tools Github
• Hack Tools 2019
• Pentest Tools Review
• Nsa Hack Tools Download
• Hacking Tools Windows 10
• Pentest Tools Download
• Hacker Tools Software
• Pentest Tools Apk
• Pentest Tools List
• Hacking Tools For Mac
• Pentest Tools Open Source
• Hacker Tools Linux
• Hack Tools Github
• Hacker Security Tools
• Termux Hacking Tools 2019
• Hacker Tools 2019
• Pentest Tools Github
• Pentest Tools Linux
• Hacking Tools For Windows
• Pentest Tools
• Nsa Hack Tools Download
• Hacker Tools For Mac
• Termux Hacking Tools 2019
• Tools 4 Hack
• Pentest Tools Download
• Hacking Tools For Windows
• Pentest Box Tools Download
• Github Hacking Tools
• Hack Tools For Ubuntu
• Computer Hacker
• New Hacker Tools
• Hak5 Tools
• Hack Apps
• Hack Tools Pc
• Hack Tools For Mac
• Pentest Tools
• Hack Tool Apk No Root
• Pentest Tools Github
• Hacking Tools Name
• Hacking Tools Mac
• Hack Rom Tools
• Install Pentest Tools Ubuntu
• Best Pentesting Tools 2018
• New Hack Tools
• Hacking Tools Software
• Hack Tool Apk No Root
• Hacking Tools For Windows Free Download
• Hacking Tools
• Pentest Tools Linux
• Hack Tool Apk No Root
• Hacking Tools For Windows 7
• Hack Tools Github
• Hacker Techniques Tools And Incident Handling
• Hacks And Tools
• Pentest Tools For Mac
• Pentest Tools
• Hack Tools Download
• Pentest Tools Android
• Pentest Tools Find Subdomains
• Hack Website Online Tool
• Pentest Tools For Mac
• Hacker Tools For Mac
• Physical Pentest Tools
• Hacker
• Hacker Tools Online
• Pentest Tools Windows
• Pentest Tools Alternative
• Hack Tools Mac
• Hacking Tools Usb
• Hacker Tools Hardware
• Hacking Tools For Pc
• Pentest Tools Online
• Tools Used For Hacking
• Pentest Tools For Android
• Hacker Techniques Tools And Incident Handling
• Hacking Tools Mac
• Hackers Toolbox
• Hack Tool Apk No Root
• Hacker Tools Apk Download
• New Hack Tools
• Hacker Tools For Mac
• Best Hacking Tools 2020
• Pentest Tools Review
• Hacking Tools Windows
• Hacking App
• Pentest Tools
• Pentest Tools Linux
• Pentest Tools Kali Linux
• How To Hack
• Hack Tools For Games
• Hack Tools Download
• Hacker Tools Free
• Pentest Tools Kali Linux
• Hacker
• Hacking Tools For Beginners
• Hacking Tools Windows 10
• Pentest Tools Alternative
• Pentest Tools Linux
• Hack Tools For Ubuntu
• Pentest Tools List