Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related links

1. Pentest Tools Website
2. Blackhat Hacker Tools
3. Pentest Tools Open Source
4. Pentest Reporting Tools
5. Bluetooth Hacking Tools Kali
6. Hacking Tools Windows
7. Hacker Techniques Tools And Incident Handling
8. What Are Hacking Tools
9. Hacking Tools Online
10. Hacker Security Tools
11. Best Pentesting Tools 2018
12. Hacking App
13. Wifi Hacker Tools For Windows
14. Pentest Tools Website
15. Hak5 Tools
16. Hacking Tools For Beginners
17. Tools 4 Hack
18. Kik Hack Tools
19. Hack Tools Pc
20. Pentest Tools Github
21. Tools Used For Hacking
22. Hacking Tools For Pc
23. Pentest Tools
24. Hack And Tools
25. Kik Hack Tools
26. Hacker Hardware Tools
27. Hacking Tools Usb
28. Underground Hacker Sites
29. Hacking Tools For Mac
30. Hacker Security Tools
31. Pentest Tools Website
32. World No 1 Hacker Software
33. Hacker Tools Software
34. Hacking Tools Pc
35. Pentest Tools For Mac
36. Best Hacking Tools 2019
37. What Is Hacking Tools
38. What Is Hacking Tools
39. Pentest Tools Subdomain
40. Blackhat Hacker Tools
41. Hacker Tools For Pc
42. Blackhat Hacker Tools
43. Hak5 Tools
44. Pentest Box Tools Download
45. Hacking Tools For Windows 7
46. Hack Tools
47. Hacking Tools For Windows 7
48. Hak5 Tools
49. Install Pentest Tools Ubuntu
50. Hack And Tools
51. Hack Tools For Pc
52. Hack Tools Online
53. Hacking Tools Usb
54. Hacking Tools For Pc
55. What Is Hacking Tools
56. Tools Used For Hacking
57. Pentest Tools For Mac
58. Hacker Tools Mac
59. Hacker Tools Windows
60. Hacker Tool Kit
61. Hack Tools 2019
62. Best Hacking Tools 2020
63. Hak5 Tools
64. What Are Hacking Tools
65. How To Hack
66. Hack Tools Github
67. Hack Tools For Windows
68. Hacks And Tools
69. Hacking Tools For Windows
70. Underground Hacker Sites
71. Hacking Tools For Windows
72. Pentest Tools For Mac
73. Hackers Toolbox
74. Hack Tools Download
75. Black Hat Hacker Tools
76. Physical Pentest Tools
77. Hacking Tools 2019
78. Hacking Tools Download
79. Best Hacking Tools 2020
80. Best Pentesting Tools 2018
81. What Is Hacking Tools
82. Pentest Tools Review
83. Termux Hacking Tools 2019
84. Pentest Tools Find Subdomains
85. Hack Tools For Games
86. Hacker Search Tools
87. Hacking Tools Software
88. Best Hacking Tools 2020
89. Best Hacking Tools 2020
90. Hacking Tools Mac
91. Computer Hacker
92. Nsa Hack Tools Download
93. Hacker Tools For Windows
94. Easy Hack Tools
95. New Hack Tools
96. Pentest Tools Review
97. What Are Hacking Tools
98. Pentest Box Tools Download
99. Tools For Hacker
100. Hacking Tools Software
101. Ethical Hacker Tools
102. Pentest Tools Bluekeep
103. Pentest Tools Windows
104. Pentest Tools Website
105. Hacking Tools For Windows
106. Blackhat Hacker Tools
107. Bluetooth Hacking Tools Kali
108. Hack Tools Pc
109. Hacking Tools Hardware
110. Pentest Tools Find Subdomains
111. Hacker Tools Linux
112. Pentest Tools
113. Pentest Tools Linux
114. Hacking Tools Hardware
115. Hacking Tools For Mac
116. Hacker Tools Windows
117. Hack Tools Online
118. Best Pentesting Tools 2018
119. Pentest Tools Open Source
120. How To Make Hacking Tools
121. Pentest Tools Website Vulnerability
122. Hacker Tools 2020
123. Hacker Tools Free Download
124. Hacking Tools For Kali Linux
125. Hack Tools
126. Hack Tools Github
127. Hack Tools
128. Hacking Tools Windows
129. Hacker Security Tools
130. Github Hacking Tools
131. Hack Tools For Pc
132. Hacker
133. Pentest Tools Alternative
134. Hack Rom Tools
135. Hacker Tools
136. Pentest Tools Kali Linux
137. Hacker Tools Hardware
138. Pentest Tools Download
139. Hack Apps
140. Pentest Tools Website
141. Hacker Tools Free Download
142. Best Hacking Tools 2020
143. New Hacker Tools
144. Hacker Techniques Tools And Incident Handling
145. Hacking Tools Github
146. Hacker Tools
147. Hacking Tools Github
148. Hacking App
149. Hacking Tools Software
150. Tools 4 Hack
151. Pentest Tools
152. Easy Hack Tools
153. Hacker
154. Pentest Tools List
155. Hack Tools For Pc
156. Hacker Tools List
157. Hacker Tools For Pc
158. Bluetooth Hacking Tools Kali
159. Hack App
160. Hack Rom Tools
161. Pentest Tools For Mac
162. Hacker Tools For Pc
163. Nsa Hacker Tools
164. Hacker Techniques Tools And Incident Handling
165. Hack Tools Download
166. Hacker Search Tools
167. Hacking Tools For Mac
168. Growth Hacker Tools
169. Github Hacking Tools
170. Hacker Tools Linux
171. Pentest Tools Online
172. Hack Tools Download
173. Pentest Tools Website
174. Hacker Tools Mac
175. Pentest Tools Website
176. Hacking Tools 2020
177. Pentest Tools Alternative
178. Hacker Tools 2019