Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.
The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.
“The local file inclusion vulnerability exists due to the way user input data is used inside of PHP’s include function that are part of the ajax_load_more and ajax_eael_product_gallery functions.” explains PatchStack researchers who discovered the vulnerability.
Also Read: Facts About Accountability PDF That You Need to Know About
The only prerequisite for the attack is for the site to have the “dynamic gallery” and “product gallery” widgets enabled so that a none token check is present.
Researcher Wai Yan Muo Thet discovered the vulnerability on January 25, 2022, and the plugin developer already knew about its existence at that time.
In fact, the author had released version 5.0.3 to address this issue by applying a “sanitize_text_field” function on the user input data. However, this sanitization doesn’t prevent the inclusion of local payloads.
The second attempt was version 5.0.4, which added the “sanitize_file_name” function and attempted to remove special characters, dots, slashes, and anything that could be used for overriding the text sanitization step.
Also Read: 5 Brief Concepts Between Data Protection Directive vs GDPR
This was the version that Patchstack tested and found vulnerable, so they informed the developer that the fix hadn’t mitigated the issue sufficiently.
Eventually, the author released version 5.0.5 that implemented PHP’s “realpath” function, preventing malicious pathname resolutions.
This version was released last week, on January 28, 2022, and at this time has only been installed approximately 380,000 times according to WordPress’ download statistics.
With the plugin installed in over 1 million WordPress sites, that means there are over 600K sites that have not applied the security update yet.
If you are among the many that use Essential Addons for Elementor, you can get the latest version from here or apply the update directly from the WP dashboard.
To prevent actors from leveraging local file inclusion flaws even when they can’t be directly mitigated, follow these steps:
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.