A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Read more- Hack Tools
- Hacking Tools Pc
- Pentest Tools Github
- Underground Hacker Sites
- Pentest Tools
- Pentest Tools Review
- Pentest Tools Website Vulnerability
- Hacker Tools
- Pentest Automation Tools
- Hacking Tools Github
- How To Hack
- Ethical Hacker Tools
- What Are Hacking Tools
- Pentest Tools Kali Linux
- Pentest Tools Open Source
- Best Pentesting Tools 2018
- Hacker Tools Software
- Hack Tools Github
- Hack Rom Tools
- Hack Tools For Mac
- Pentest Recon Tools
- Hack Tool Apk No Root
- Hacking Tools For Kali Linux
- Free Pentest Tools For Windows
- Pentest Tools Free
- Tools Used For Hacking
- Hacker Tools Linux
- Github Hacking Tools
- Hacker Tools For Windows
- Pentest Tools Online
- Hack Tools For Ubuntu
- Pentest Tools Android
- Hacking Tools 2020
- Underground Hacker Sites
- Hacking Apps
- Pentest Box Tools Download
- Hacker Tools For Ios
- Pentest Tools Open Source
- World No 1 Hacker Software
- Nsa Hack Tools Download
- Hacking Tools For Beginners
- Hackers Toolbox
- Pentest Tools Linux
- Hacker Tools For Pc
- Hacking Tools
- Hacking Tools For Windows Free Download
- Usb Pentest Tools
- Hacking Tools Pc
- Hack Tools For Games
- Hacking Tools For Windows
- Hacker Tools Linux
- Hackrf Tools
- Hacking Tools Software
- Wifi Hacker Tools For Windows
- Hacking Tools Pc
- Hacker Tools Apk
- Hacker Search Tools
- World No 1 Hacker Software
- Pentest Tools For Ubuntu
- Hack Tools For Ubuntu
- Pentest Tools Review
- Hacker Tools Apk Download
Nenhum comentário:
Postar um comentário