WordPress has not had it easy in recent months. Several of its plugins and extensions have been affected by different bugs and vulnerabilities.This time, a bug was found in the Essential Addons for Elementor plugin, which causes great concern because millions of users widely use it due to its features. Learn all the details in today’s article.
WordPress plugin Essential Addons for Elementor has a vulnerability
Essential Addons for Elementor is a plugin widely used by millions of websites around the world. It’s easy to understand why: this plugin offers website developers and owners an extensive library of more than 80 elements and extensions to design and customize both pages and posts. All this is very helpful so that you do not have to spend so much time designing and programming page after page.
In the report announcing the findings of the vulnerability, investigated by Patchstack, it is stated: “This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack… This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed.”
Where can the vulnerability be found?
Not all the Essential Addons for Elementor library is presenting this error; it only appears if the website makes use of the widgets: dynamic gallery and product gallery or any similar one. The vulnerability impacts all versions of the plugin, starting with 5.0.4 and below. Wai Yan Myo Thet is the researcher who found the flaw and conducted its study.
For version 5.0.5, the patch that managed to eradicate the flaw was finally released. It was released on January 28, after several unsuccessful attempts. However, this vulnerability only adds to the long list that WordPress has presented in recent months, which not only affects plugins and extensions, but even access doors have been found on vulnerable sites that allow cybercriminals to infect more sites.
Essential Addons for Elementor will not be the last element to be attacked nor the last attempt the WordPress platform faces. Being one of the most used in the world, it is understandable that it motivates cybercriminals to keep an eye on it. Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp