A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Related links- Pentest Tools List
- Hackers Toolbox
- Free Pentest Tools For Windows
- Hacking Tools For Beginners
- Hack Tools For Mac
- Hacker
- Nsa Hack Tools
- Hacker Techniques Tools And Incident Handling
- Pentest Tools Apk
- Hacking Tools Free Download
- Hacker Techniques Tools And Incident Handling
- Hack Tool Apk
- Pentest Tools Website
- Hacker Tools For Ios
- Nsa Hack Tools
- Hack Tool Apk No Root
- Black Hat Hacker Tools
- Pentest Tools Bluekeep
- Tools Used For Hacking
- Hacking Tools Windows 10
- Android Hack Tools Github
- Hacker Tools For Ios
- Hacking Tools Windows 10
- Hacker Tools For Ios
- Tools 4 Hack
- Pentest Tools Free
- Nsa Hack Tools Download
- Pentest Tools Download
- Hacker Tools Online
- Free Pentest Tools For Windows
- Pentest Tools List
- Pentest Tools Windows
- Hacker Tools Software
- Pentest Tools Tcp Port Scanner
- Hacking Tools Free Download
- Hack Tools For Games
- Beginner Hacker Tools
- Pentest Tools For Mac
- Hacker Tools Software
- Pentest Tools Nmap
- Pentest Tools For Ubuntu
- Pentest Tools For Windows
- Pentest Tools For Windows
- Best Hacking Tools 2019
- Hacker
- Pentest Tools Apk
- Hacking Tools
- Hack Rom Tools
- Hackers Toolbox
- Hack Tools Github
- Hacking Tools For Pc
- Computer Hacker
- Hacker Tools Software
- Tools For Hacker
- Pentest Tools Port Scanner
- Pentest Tools For Ubuntu
- Hacking Tools For Windows
- What Are Hacking Tools
- Pentest Tools Android
- Pentest Tools Free
- Underground Hacker Sites
- Hack Tools For Games
- Hacker Tools
- Hacking Tools Mac
- Pentest Tools Free
- Bluetooth Hacking Tools Kali
- Black Hat Hacker Tools
- Pentest Reporting Tools
- Game Hacking
- Hacker Tools Github
- Pentest Tools For Android
- Nsa Hack Tools Download
- Hacking Tools Github
- Hacking Tools For Games
- Best Pentesting Tools 2018
- Termux Hacking Tools 2019
- Hacking Tools For Windows 7
- Hack Tools
- What Is Hacking Tools
- Hack Tools Download
- Pentest Tools For Android
- Pentest Tools Online
- Hacking Tools And Software
- Hackers Toolbox
- Hack Website Online Tool
- Hack Tools Github
- Hacker Tools Mac
- Kik Hack Tools
- Bluetooth Hacking Tools Kali
- Pentest Tools Linux
- Tools For Hacker
Sem comentários:
Enviar um comentário