A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
More info- Pentest Tools For Android
- How To Make Hacking Tools
- Underground Hacker Sites
- Github Hacking Tools
- Hak5 Tools
- Hacker Security Tools
- Hacker Tools Hardware
- Hacker Tools For Pc
- Hack Tool Apk
- Usb Pentest Tools
- Hacker Tool Kit
- Hacker
- Hacker Tools
- Hacking Tools Hardware
- Hacking Tools 2019
- Pentest Tools Open Source
- Pentest Box Tools Download
- Hack Tools For Mac
- Hack Tools Online
- Pentest Tools Online
- Pentest Box Tools Download
- Pentest Tools For Windows
- Hack Tools 2019
- Hack Tools Github
- Hack Tools Github
- Hacking Tools For Windows 7
- Best Hacking Tools 2019
- Pentest Tools Url Fuzzer
- Hacking Tools 2019
- Hack Tools
- Pentest Tools Nmap
- Pentest Recon Tools
- Hacking Tools Windows 10
- Pentest Tools Online
- Pentest Tools Download
- Hacker Tools Free Download
- Hack Tools For Games
- Best Pentesting Tools 2018
- Pentest Tools Free
- Hacking Tools Download
- Hack App
- Hacker Tools List
- Pentest Tools List
- Hacking Apps
- Hacking Tools 2019
- Pentest Automation Tools
- Android Hack Tools Github
- Hack Website Online Tool
- Hacker Tools Hardware
- Hacking Tools For Kali Linux
- Pentest Reporting Tools
- Hacker Search Tools
- Nsa Hack Tools Download
- Hacking Tools Free Download
- Pentest Tools For Mac
- Hacking Tools
- Hackrf Tools
- Easy Hack Tools
- Hack Tools
- Pentest Tools
- Best Hacking Tools 2020
- What Are Hacking Tools
- Hack Apps
- Hacking Tools Online
- Hacker Tools For Windows
- Hackers Toolbox
- Hackrf Tools
- Hack Tools For Ubuntu
- Hacker Tools Hardware
- Pentest Box Tools Download
- Hacking Tools
- Hacking Tools
- Hacking Tools Hardware
- Hacker Tool Kit
- How To Make Hacking Tools
- Pentest Tools Nmap
- Hacker Tools Software
- Hack Tools
- Pentest Tools Download
- Hacking Tools Usb
- Hacking Tools Github
- Hacking Tools For Windows 7
- Hacker Tools Free Download
- Hacking Tools Download
- Hacker Tools Apk
- Pentest Tools Website Vulnerability
- Hack Apps
- Pentest Box Tools Download
- Tools 4 Hack
- Hacker Tools Free Download
- Hacking Tools Free Download
- Hacker Tools Free Download
- Hack Rom Tools
- Hacker Techniques Tools And Incident Handling
- Hacking Tools Download
No comments:
Post a Comment