OP 01 February, 2022 - 06:22 AM
Quote:Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. Explains PatchStack researchers who discovered the vulnerability. Sample of code that triggers the flaw Source: Patchstack Two failed patching attempts Researcher Wai Yan Muo Thet discovered the vulnerability on January 25, 2022, and the plugin developer already knew about its existence at that time. However, this sanitization doesn't prevent the inclusion of local payloads. The second attempt was version 5.0.4, which added the "sanitize_file_name" function and attempted to remove special characters, dots, slashes, and anything that could be used for overriding the text sanitization step. With the plugin installed in over 1 million WordPress sites, that means there are over 600K sites that have not applied the security update yet.
Source: https://www.bleepingcomputer.com/news/se...erability/
![[Image: 81QoXii.gif]](https://imgur.com/81QoXii.gif)
![[Image: PUm4fxA.gif]](https://i.imgur.com/PUm4fxA.gif)
Above Services are Paid Advertisement