[ad_1]
Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.
The flaw allows an unauthenticated user to perform a local file inclusion attack, such as a PHP file, to execute code on the site.
“The local file inclusion vulnerability exists due to the way user input data is used inside of PHP’s include function that are part of the ajax_load_more and ajax_eael_product_gallery functions.” explains PatchStack researchers who discovered the vulnerability.
The…
More Info