A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.
The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.
"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."
That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.
The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."
The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.
Continue reading- Hack Website Online Tool
- Black Hat Hacker Tools
- Pentest Tools Framework
- Pentest Tools For Windows
- Pentest Reporting Tools
- Hack Rom Tools
- Hacks And Tools
- Hacker Hardware Tools
- Growth Hacker Tools
- Hacker Tools List
- Pentest Tools Alternative
- Hacking Tools 2019
- Best Hacking Tools 2019
- Hacker Tools Mac
- Hack And Tools
- Pentest Tools Tcp Port Scanner
- Hack Apps
- Usb Pentest Tools
- Hack Tools Github
- Pentest Tools For Ubuntu
- Hacking Tools Windows 10
- Hack Tools Github
- Tools For Hacker
- Pentest Tools Windows
- Hacker Tools Hardware
- Hacker Tools 2020
- Pentest Reporting Tools
- Hack Rom Tools
- Pentest Tools Linux
- Pentest Recon Tools
- Hacking Tools And Software
- Best Pentesting Tools 2018
- Hacks And Tools
- Pentest Tools Github
- Hacker Tools Linux
- Pentest Tools Website
- Tools For Hacker
- Hacker Tools Free Download
- Best Pentesting Tools 2018
- Pentest Tools Alternative
- Hacking Tools Usb
- Pentest Tools Website
- Tools For Hacker
- Hacking Tools
- Hackrf Tools
- Hacker Tools 2019
- Pentest Tools Website Vulnerability
- Hacking Tools 2020
- Hacking Tools For Beginners
- Hack Tool Apk No Root
- What Is Hacking Tools
- Pentest Tools Online
- Hack Tools Github
- Hak5 Tools
- Hacker Tools Linux
- Hacker Tool Kit
- Hack Tools Mac
- Hacking Tools Software
- Hacking Tools Online
- Nsa Hack Tools
- Pentest Tools Find Subdomains
- Hacking App
- Hack Tools For Windows
- Blackhat Hacker Tools
- Hacker
- Hacker Tools Apk
- Hacker Tools For Windows
- Hacking Tools Windows
- Hacking Tools For Pc
- Hack Tool Apk No Root
- Physical Pentest Tools
- Nsa Hack Tools Download
- Hacker Tools Online
- Underground Hacker Sites
- Hacker Tools Software
- Hacker Tools Apk
- Pentest Tools For Ubuntu
- Hacker Tools Apk
- Hacking Tools Mac
- Tools 4 Hack
- Hak5 Tools
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Tcp Port Scanner
- Hacking Tools For Windows Free Download
- Tools For Hacker
- Easy Hack Tools
- Pentest Tools Tcp Port Scanner
- Hacker Tools For Windows
- Hacker Tool Kit
- Hacking Tools Github
- Pentest Tools For Windows
- Hacker Tools For Pc
- Pentest Reporting Tools
- Pentest Recon Tools
- Best Hacking Tools 2019
- Pentest Tools Website
- Hacker Search Tools
- New Hacker Tools
- Pentest Tools Subdomain
- Hacker Tool Kit
- Hack Website Online Tool
- Pentest Reporting Tools
- World No 1 Hacker Software
- Hack Tool Apk
No hay comentarios:
Publicar un comentario