Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Read more

1. Pentest Tools Url Fuzzer
2. Game Hacking
3. Physical Pentest Tools
4. Hack Rom Tools
5. Hacker Tools For Windows
6. Blackhat Hacker Tools
7. Pentest Tools Online
8. Hack Tool Apk
9. Pentest Automation Tools
10. Pentest Tools Url Fuzzer
11. Pentest Tools Github
12. Hacker Tools Software
13. Pentest Tools Framework
14. Pentest Tools For Mac
15. How To Make Hacking Tools
16. Hack Tools Online
17. Hacker Tools Free
18. Hack Apps
19. Hacker Tools Github
20. Pentest Reporting Tools
21. Hack Tool Apk No Root
22. Pentest Tools Windows
23. Hacker Tools Linux
24. Hacking Tools For Windows Free Download
25. Hack Tools For Games
26. Github Hacking Tools
27. Hacking Tools For Pc
28. Hacking App
29. Pentest Tools Website Vulnerability
30. Hacking Tools For Windows Free Download
31. Beginner Hacker Tools
32. Hack Website Online Tool
33. Pentest Tools Github
34. Pentest Tools Linux
35. Hacking Tools Pc
36. Hacking Tools Mac
37. Hacker Tools Windows
38. Pentest Tools Online
39. Hacking Tools Download
40. How To Hack
41. Hack Tools Github
42. Hacker Tools Github
43. What Is Hacking Tools
44. New Hack Tools
45. Hack Tools For Ubuntu
46. Hacking Tools 2019
47. What Are Hacking Tools
48. Hackrf Tools
49. Pentest Tools Subdomain
50. Wifi Hacker Tools For Windows
51. Nsa Hacker Tools
52. Hack Tools For Games
53. Black Hat Hacker Tools
54. Android Hack Tools Github
55. Github Hacking Tools
56. Pentest Tools Review
57. Pentest Tools Android
58. Pentest Tools Framework
59. Pentest Tools Subdomain
60. Pentest Tools Online
61. Hackers Toolbox
62. Hacking Tools For Windows 7
63. Hacking Tools Free Download
64. Hacker
65. Hack Tools Download
66. Hack Tools
67. Beginner Hacker Tools
68. Hacking Tools Kit
69. Install Pentest Tools Ubuntu
70. Hacking Tools Online
71. Pentest Tools For Ubuntu
72. Free Pentest Tools For Windows
73. Hackrf Tools
74. Pentest Recon Tools
75. Pentest Tools Linux
76. Pentest Tools Website
77. Hacking App
78. Hacker Hardware Tools
79. Hack Tools Mac
80. Best Pentesting Tools 2018
81. What Is Hacking Tools
82. Hacking Tools Free Download
83. Pentest Tools Framework
84. Pentest Tools
85. Hacking Tools Usb
86. Hacker Tools For Windows
87. Pentest Tools Linux
88. Hacking Tools 2020
89. Hack Tools For Pc
90. Hacker
91. Hacking Tools Software
92. Pentest Tools Subdomain
93. Blackhat Hacker Tools
94. Hacker Tools 2019
95. Hacking Tools For Pc
96. Hack App
97. Hack Tools For Mac
98. Pentest Recon Tools
99. Black Hat Hacker Tools
100. Hacking Tools Pc
101. New Hacker Tools
102. What Is Hacking Tools
103. Hack Tools Github
104. Pentest Reporting Tools
105. Hacker Tools Mac
106. Hacker Tools Online
107. Hacking Tools For Windows
108. Hacker Tools Hardware
109. Hacking Tools Online
110. Hacker Tools Hardware
111. Best Pentesting Tools 2018
112. Pentest Tools For Windows
113. Pentest Tools Free
114. Hacking Tools For Windows
115. Hack Tools Online
116. Hacking Tools Windows 10
117. Hacker Tools Mac
118. Android Hack Tools Github
119. Hacker Tools Apk Download
120. Hacker Tools Online
121. Hacker Tools Online
122. Pentest Tools For Ubuntu
123. Hacker Tools 2019
124. Hacker Tools Software
125. Hack Apps
126. Termux Hacking Tools 2019
127. Hack Tools For Mac
128. Hack Tools
129. Tools For Hacker
130. Hack Apps
131. Hacking Tools For Windows
132. Hacking Tools Mac
133. Hack Tools For Pc
134. Hacker Tools Software
135. World No 1 Hacker Software
136. Pentest Tools Bluekeep
137. Pentest Tools Open Source
138. Pentest Tools Website Vulnerability
139. Hacker Tools List
140. Beginner Hacker Tools
141. Hacking Tools Pc
142. Bluetooth Hacking Tools Kali
143. Hacker Tools Software
144. Hacking App
145. Hacking Tools Usb
146. Hack Tools 2019
147. Hacker Tools 2019
148. Best Hacking Tools 2019
149. Hack Tools For Windows
150. Pentest Tools Tcp Port Scanner
151. Hacker Tools Mac
152. Beginner Hacker Tools
153. Hacking Tools For Windows Free Download
154. New Hacker Tools
155. Hacking Tools Kit
156. Pentest Tools Kali Linux
157. Hacker Tools Free Download
158. Nsa Hack Tools Download
159. Physical Pentest Tools
160. Hacking Tools Free Download
161. Beginner Hacker Tools
162. Hacking Tools Github
163. Hacking Tools Online
164. Best Pentesting Tools 2018
165. Pentest Tools For Mac
166. Physical Pentest Tools
167. New Hack Tools
168. Pentest Tools Subdomain
169. Hack App
170. Pentest Tools Online
171. Pentest Tools Kali Linux
172. Hack Website Online Tool
173. Hacker Tools Software
174. Hacker Tools Apk
175. Tools 4 Hack
176. Pentest Tools Tcp Port Scanner
177. Beginner Hacker Tools
178. Pentest Tools Open Source