The Essential Addons for Elementor WordPress plugin, with over a million users recently patched multiple vulnerabilities that could have allowed malicious attackers to run arbitrary code on a targeted WordPress website.

LFI to RCE Attack Vulnerability

According to the U.S. Government NIST website, vulnerabilities on the Essential Addons for Elementor plugin made it possible for an attacker to launch a a Local File Inclusion attack, which is an exploit that allows an attacker to cause a WordPress installation to reveal sensitive information and read arbitrary files.

From there the attack…

Nowadays maximum of people choose WordPress hosting for content posting and content marketing systems equally. The WordPress hosting is able to provide you with all the best services like Excellent data security, site maintenance, and Last but most important that they provide a high level of security while posting the website content on their site. There are numerous numbers of parameters that play a significant role while choosing WordPress hosting. Without the parameters and knowing them all you cannot just select or pick out any one of them for posting your website content.

If…

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

“This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack,” Patchstack said in a report. “This attack can be used to include local files on the…

One of my favorite tools in the past few days is the Block X-ray Attributes plugin by Sal Ferrarello. It is geared toward developers and shows block attributes in the WordPress editor.

After seeing his tweet on Friday, I immediately installed it.

One of my favorite tools in the past few days is the Block X-ray Attributes plugin by Sal Ferrarello. It is geared toward developers and shows block attributes in the WordPress editor.

After seeing his tweet on Friday, I immediately installed it.

Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin.

Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts.

Affecting version 5.0.4 and earlier of the plugin, the security flaw allows any user to perform a local file inclusion attack, regardless of their authentication or authorization level. The attack then could lead to remote code execution, if the included file contains malicious PHP code.

The issue was…

Freelance WordPress developer Aurooba Ahmed released the Super List Block plugin earlier today. Essentially, it is like the core WordPress List block — just supercharged. It is her first publicly-released extension on WordPress.org.

The primary use case for the plugin is adding other blocks within the list items. However, its options allow users to take it further by supporting grid-based layouts.

WordPress does not currently allow end-users to nest other blocks into list items via the editor. It is rich text or nothing, and it can be an irritating part of the editing experience…

New Jersey, United States,- The Blogging Platforms Market report covers the whole scenario of the global market including key players, their future promotions, preferred vendors, market shares along with historical data and price analysis. It continues to offer key details on changing dynamics to generate market improving factors. It aims to rationalize the expenses of the company. You can also find the current revenue generation rate and spend score here. The best thing about the Blogging Platforms market report is the provision of guidelines and strategies followed by major market…

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.

The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.

“The local file inclusion vulnerability exists due to the way user input data is used inside of PHP’s include function that are part of the ajax_load_more and ajax_eael_product_gallery functions.” explains PatchStack researchers who discovered the vulnerability.

The…