Essential Addons for Elementor Patches Critical Security Vulnerability

Posted by WP Tavern on February 9, 2022 at 4:40 am
Category: News

Essential Addons for Elementor, a popular plugin with more than a million active installs, has patched a critical vulnerability that would allow for a local file inclusion attack. The vulnerability was discovered by security researcher Wai Yan Myo Thet and reported to Patchstack on January 25, 2022. Patchstack customers received a virtual patch the same day. The issue was already known to the plugin’s developers, WPDeveloper, who issued two insufficient patches before it was ultimately fixed in version 5.0.5.

Patchstack published a summary of the vulnerability and explained how WordPress sites using the plugin could be compromised:

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack. This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

It’s important to note that the vulnerability primarily impacts users who have the dynamic gallery and product gallery widgets in use. The plugin’s changelog makes the update seem more like an enhancement than a serious security concern, so users may not be fully aware that…
