600K WordPress sites impacted by critical plugin RCE vulnerability

[ad_1]

wordpress

Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.

The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.

“The local file inclusion vulnerability exists due to the way user input data is used inside of PHP’s include function that are part of the ajax_load_more and ajax_eael_product_gallery functions.” explains PatchStack researchers who discovered the vulnerability.

The…

[ad_2]
More Info

About mblog.my

Check Also

Adding Images From Your Phone With Ease – WordPress.com News

Adding Images From Your Phone With Ease – WordPress.com News

[ad_1] We’re excited to share a new feature in the desktop editor and Jetpack mobile …

Leave a Reply

Your email address will not be published. Required fields are marked *