A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Continue reading
- Nsa Hacker Tools
- Hack Tools 2019
- Pentest Tools For Android
- Tools 4 Hack
- Hack Tools For Games
- Hacking Tools Windows 10
- Best Pentesting Tools 2018
- Pentest Tools Download
- Pentest Tools Review
- Hacker Tools Hardware
- Pentest Tools Website Vulnerability
- Hacking Tools For Mac
- Hack Tools Download
- Hacker Hardware Tools
- Hacking Tools For Beginners
- Pentest Tools Alternative
- Hacker Tools For Ios
- New Hacker Tools
- Hacking Tools Hardware
- Hacker Tools Windows
- Kik Hack Tools
- Nsa Hack Tools
- New Hacker Tools
- Pentest Automation Tools
- Blackhat Hacker Tools
- Pentest Tools Windows
- Tools For Hacker
- Hacking Tools Kit
- Hacker Security Tools
- Pentest Tools For Ubuntu
- Pentest Tools Download
- Hackrf Tools
- Hacking Apps
- Hacking Tools For Games
- Hacking Tools 2019
- How To Hack
- Nsa Hack Tools Download
- Hacker Tools Software
- Hack Tools
- Tools 4 Hack
- Pentest Tools
- Pentest Tools Android
- Hacker Tools List
- Hack Tools Github
- Hacking App
- Hacking Tools For Mac
- Pentest Tools Port Scanner
- Hacker Tools Hardware
- Hacking Tools
- Hacker
- Pentest Tools Port Scanner
- Beginner Hacker Tools
- New Hack Tools
- Best Pentesting Tools 2018
- What Are Hacking Tools
- Pentest Tools Online
- Hackers Toolbox
- Pentest Recon Tools
- Pentest Tools Apk
- Pentest Tools Github
- Underground Hacker Sites
- Pentest Automation Tools
- Hack Tools Github
- Pentest Tools Website Vulnerability
- Hacker Tools Apk Download
- Hacking Tools Name
- Hacker Tools Mac
- Hacker Tools Linux
- Hacking Tools Name
- Pentest Tools Port Scanner
- Pentest Tools Kali Linux
- Hacker Tools Free
- Hacker Tools List
- Pentest Tools List
- Hacking Tools 2019
- Hacker Tools For Windows
- Pentest Tools Website
- Hacking Tools And Software
- Hacking Tools 2019
- Hacking Tools For Windows Free Download
- Pentest Tools For Android
- Hacker Search Tools
- Hacking Tools For Games
- Hacker Security Tools
- Game Hacking
- Beginner Hacker Tools
- Hack Tools Mac
- Beginner Hacker Tools
- World No 1 Hacker Software
- Free Pentest Tools For Windows
- Pentest Tools Kali Linux
- Underground Hacker Sites
- Hacking Tools Software
- Hacking Tools For Windows 7
- Hack Tools Pc
- Pentest Tools For Mac
- Hacks And Tools
- Pentest Automation Tools
- Black Hat Hacker Tools
- Hacking Tools Software
- Hack Tools
- Best Hacking Tools 2019
- Pentest Tools Website Vulnerability
- Hack Tools
- Pentest Tools Github
- Android Hack Tools Github
- Hacker Tools Linux
- Best Hacking Tools 2019
- Hacking Tools
- Hacking Tools Hardware
- Hacker Tools 2020
- Hacker Hardware Tools
- Hack Tools Mac
- Hacker Search Tools
- Tools Used For Hacking
- Hacker Security Tools
- Tools For Hacker
- Hacking Tools For Kali Linux
- Github Hacking Tools
- Best Pentesting Tools 2018
- Best Hacking Tools 2019
沒有留言:
發佈留言