A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Read more- Pentest Tools Url Fuzzer
- Game Hacking
- Physical Pentest Tools
- Hack Rom Tools
- Hacker Tools For Windows
- Blackhat Hacker Tools
- Pentest Tools Online
- Hack Tool Apk
- Pentest Automation Tools
- Pentest Tools Url Fuzzer
- Pentest Tools Github
- Hacker Tools Software
- Pentest Tools Framework
- Pentest Tools For Mac
- How To Make Hacking Tools
- Hack Tools Online
- Hacker Tools Free
- Hack Apps
- Hacker Tools Github
- Pentest Reporting Tools
- Hack Tool Apk No Root
- Pentest Tools Windows
- Hacker Tools Linux
- Hacking Tools For Windows Free Download
- Hack Tools For Games
- Github Hacking Tools
- Hacking Tools For Pc
- Hacking App
- Pentest Tools Website Vulnerability
- Hacking Tools For Windows Free Download
- Beginner Hacker Tools
- Hack Website Online Tool
- Pentest Tools Github
- Pentest Tools Linux
- Hacking Tools Pc
- Hacking Tools Mac
- Hacker Tools Windows
- Pentest Tools Online
- Hacking Tools Download
- How To Hack
- Hack Tools Github
- Hacker Tools Github
- What Is Hacking Tools
- New Hack Tools
- Hack Tools For Ubuntu
- Hacking Tools 2019
- What Are Hacking Tools
- Hackrf Tools
- Pentest Tools Subdomain
- Wifi Hacker Tools For Windows
- Nsa Hacker Tools
- Hack Tools For Games
- Black Hat Hacker Tools
- Android Hack Tools Github
- Github Hacking Tools
- Pentest Tools Review
- Pentest Tools Android
- Pentest Tools Framework
- Pentest Tools Subdomain
- Pentest Tools Online
- Hackers Toolbox
- Hacking Tools For Windows 7
- Hacking Tools Free Download
- Hacker
- Hack Tools Download
- Hack Tools
- Beginner Hacker Tools
- Hacking Tools Kit
- Install Pentest Tools Ubuntu
- Hacking Tools Online
- Pentest Tools For Ubuntu
- Free Pentest Tools For Windows
- Hackrf Tools
- Pentest Recon Tools
- Pentest Tools Linux
- Pentest Tools Website
- Hacking App
- Hacker Hardware Tools
- Hack Tools Mac
- Best Pentesting Tools 2018
- What Is Hacking Tools
- Hacking Tools Free Download
- Pentest Tools Framework
- Pentest Tools
- Hacking Tools Usb
- Hacker Tools For Windows
- Pentest Tools Linux
- Hacking Tools 2020
- Hack Tools For Pc
- Hacker
- Hacking Tools Software
- Pentest Tools Subdomain
- Blackhat Hacker Tools
- Hacker Tools 2019
- Hacking Tools For Pc
- Hack App
- Hack Tools For Mac
- Pentest Recon Tools
- Black Hat Hacker Tools
- Hacking Tools Pc
- New Hacker Tools
- What Is Hacking Tools
- Hack Tools Github
- Pentest Reporting Tools
- Hacker Tools Mac
- Hacker Tools Online
- Hacking Tools For Windows
- Hacker Tools Hardware
- Hacking Tools Online
- Hacker Tools Hardware
- Best Pentesting Tools 2018
- Pentest Tools For Windows
- Pentest Tools Free
- Hacking Tools For Windows
- Hack Tools Online
- Hacking Tools Windows 10
- Hacker Tools Mac
- Android Hack Tools Github
- Hacker Tools Apk Download
- Hacker Tools Online
- Hacker Tools Online
- Pentest Tools For Ubuntu
- Hacker Tools 2019
- Hacker Tools Software
- Hack Apps
- Termux Hacking Tools 2019
- Hack Tools For Mac
- Hack Tools
- Tools For Hacker
- Hack Apps
- Hacking Tools For Windows
- Hacking Tools Mac
- Hack Tools For Pc
- Hacker Tools Software
- World No 1 Hacker Software
- Pentest Tools Bluekeep
- Pentest Tools Open Source
- Pentest Tools Website Vulnerability
- Hacker Tools List
- Beginner Hacker Tools
- Hacking Tools Pc
- Bluetooth Hacking Tools Kali
- Hacker Tools Software
- Hacking App
- Hacking Tools Usb
- Hack Tools 2019
- Hacker Tools 2019
- Best Hacking Tools 2019
- Hack Tools For Windows
- Pentest Tools Tcp Port Scanner
- Hacker Tools Mac
- Beginner Hacker Tools
- Hacking Tools For Windows Free Download
- New Hacker Tools
- Hacking Tools Kit
- Pentest Tools Kali Linux
- Hacker Tools Free Download
- Nsa Hack Tools Download
- Physical Pentest Tools
- Hacking Tools Free Download
- Beginner Hacker Tools
- Hacking Tools Github
- Hacking Tools Online
- Best Pentesting Tools 2018
- Pentest Tools For Mac
- Physical Pentest Tools
- New Hack Tools
- Pentest Tools Subdomain
- Hack App
- Pentest Tools Online
- Pentest Tools Kali Linux
- Hack Website Online Tool
- Hacker Tools Software
- Hacker Tools Apk
- Tools 4 Hack
- Pentest Tools Tcp Port Scanner
- Beginner Hacker Tools
- Pentest Tools Open Source
No comments:
Post a Comment