A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
More articles
- Pentest Tools Find Subdomains
- Pentest Tools Website Vulnerability
- Hack Tools Pc
- Hack Tools For Ubuntu
- Hacker Tools Mac
- Pentest Box Tools Download
- New Hack Tools
- Hacking Tools 2019
- Hacking Tools Free Download
- Hacking Tools For Games
- Hacker Tools 2020
- Hacker Tools Free Download
- Hack Tools Online
- Pentest Tools Website
- Hacker Tools Apk
- Hacking Tools For Kali Linux
- Hacker Tools
- Hacks And Tools
- Android Hack Tools Github
- Pentest Tools Nmap
- Hack Tools
- Pentest Tools Bluekeep
- Top Pentest Tools
- Pentest Tools Find Subdomains
- Pentest Tools Open Source
- Hackrf Tools
- Pentest Tools Website Vulnerability
- Hacking Tools Github
- Hack Tools Download
- Hack Tools 2019
- Best Hacking Tools 2019
- Hacking Apps
- Hacker Tools List
- Hacking Tools For Mac
- Hack Tools
- Hacker Hardware Tools
- Hack Tools For Ubuntu
- Pentest Tools Subdomain
- Hacker Tools Free Download
- Pentest Tools Framework
- Pentest Tools Framework
- Hacking Tools For Windows
- Best Pentesting Tools 2018
- Hackers Toolbox
- Tools Used For Hacking
- Pentest Reporting Tools
- Pentest Tools Website Vulnerability
- What Are Hacking Tools
- Hack Tools
- Hacking Tools 2019
- Hacker Tools List
- Hacking Tools For Games
- Hacking Tools Kit
- Hack And Tools
- Pentest Tools For Ubuntu
- Hack Tools For Windows
- Hacker Hardware Tools
- Hacking Tools Windows 10
- Hack Tools Download
- Pentest Tools Tcp Port Scanner
- Hacker Tools 2019
- Pentest Tools Android
- Hacking Tools Hardware
- Pentest Tools Open Source
- Pentest Tools Kali Linux
- Hacking Tools Hardware
- Beginner Hacker Tools
- Hacking Tools Kit
- Hacker Tools Apk
- Hacking Tools Name
- Hack Tools Download
- Pentest Recon Tools
- Pentest Tools Linux
- Growth Hacker Tools
- Hacking Tools Pc
- World No 1 Hacker Software
- Hacker Tools Windows
- Tools 4 Hack
- Hacker Tools 2019
- Pentest Tools Free
- Pentest Tools Website Vulnerability
- Pentest Tools Framework
- Hacker Techniques Tools And Incident Handling
- Hack Tools
- Hack Tool Apk
- Hacker Tools For Mac
- Tools 4 Hack
- Blackhat Hacker Tools
- Hacker Tools Hardware
- Hack Tools 2019
- Hacking Tools For Mac
- Hacks And Tools
- Pentest Tools
- Tools Used For Hacking
- How To Hack
- Pentest Recon Tools
- Hacking Tools
- Pentest Tools Framework
- Hacking Tools 2020
- Hack Tools Mac
- Hacking Tools Github
- Hacker Tools Mac
- Pentest Tools Bluekeep
- Hack Tools For Games
- Ethical Hacker Tools
- Hacker Tools Free Download
- Best Pentesting Tools 2018
- Best Pentesting Tools 2018
- Hacking Tools
- Ethical Hacker Tools
- Hacking Tools Mac
- Pentest Tools Port Scanner
- Hacking Tools Mac
- Pentest Tools Url Fuzzer
- How To Hack
- Hacker Tools Linux
- Pentest Tools Website Vulnerability
- Usb Pentest Tools
- Pentest Tools Framework
- Hack Tools 2019
- New Hack Tools
- Hacker Hardware Tools
- Tools Used For Hacking
- Pentest Tools Download
- Pentest Tools Find Subdomains
- Hacker Tools 2020
- Hacker Tools Free Download
- Blackhat Hacker Tools
- Pentest Tools Url Fuzzer
- Hacking Tools For Games
- Pentest Tools For Windows
- Hacking Tools
- What Are Hacking Tools
- Pentest Tools Android
- Pentest Tools Subdomain
- Growth Hacker Tools
- Pentest Tools List
- Hack Tools Github
- Hack Tools Mac
- Hacker Tools Github
- Hack Tools
- Hacker Tools Mac
- Termux Hacking Tools 2019
- Hacking Tools Github
- Hacking Tools Kit
- Pentest Tools Github
- Hacking Tools For Windows 7
- Hacker Tools Windows
- Hacking Tools Usb
- Hacker Tools For Ios
- Nsa Hacker Tools
- Hack Tools Github
- Hacking Tools For Pc
- Hacking Tools For Windows
- Hacking Tools For Windows
- Hacking Tools And Software
- Hack Tools For Games
- Pentest Tools Github
- Pentest Automation Tools
- Bluetooth Hacking Tools Kali
- Hacking Tools 2019
- Tools 4 Hack
- World No 1 Hacker Software
- New Hack Tools
- Hacker Tools Apk
- Underground Hacker Sites
- Tools 4 Hack
- Ethical Hacker Tools
- Hacking Tools Windows
- Hacker Tools For Mac
- Hack Tools For Ubuntu
- Hacking Tools For Windows
- What Are Hacking Tools
No hay comentarios:
Publicar un comentario