We shouldn’t need to say, “Check your inputs!” these days, but we’re saying it anyway.
If you run a WordPress site and you use the Elementor website creation toolkit, you could be at risk of a security hole that combines data leakage and remote code execution.
That’s if you use a plugin called Essential Addons for Elementor, which is a popular tool for adding visual features such as timelines, image galleries, ecommerce forms and price lists.
Wai Yan Myo Thet, an independent threat researcher, recently discovered what’s known as a file inclusion vulnerability in the product.
Click here for the full article: Elementor WordPress plugin has a gaping security hole – update now
Recent Posts
-
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
-
VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows
-
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks
-
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
-
VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops
