Are you using the Essential Addons for Elementor WordPress plugin? Time to update the plugin as it has experienced vulnerabilities that could allow malicious attackers to run arbitrary code on your website.
WPScan, a security site, was the first one to discover and report this vulnerability in the Essential Addons for Elementor plugin. According to the security site:
“The plugin does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.“
The vulnerability was then announced on the United States National Vulnerability Database on February 1.
According to the site, the vulnerabilities in the plugin have made it possible for attackers to launch a local file intrusion attack which allows an attacker to cause a WordPress installation to reveal sensitive information and read arbitrary files. From there, it could lead to more serious attacks, such as attacks that could run arbitrary code on a WordPress site and cause a lot of damage, which includes a full site takeover.
According to WPScan that first reported the vulnerability, the issues were fixed in the 5.0.5 version of the plugin. However, the plugin changelog for the Lite version of the plugin states that version 5.0.6 is fixing an additional data sanitization today (February 2, 2022)
To protect your site, it is best to update to at least the 5.0.6 version of the plugin.
The WPScan Vulnerability report can be read here
Before you can receive free updates, link building strategies or SEO tips you need to confirm your email right now.
(It’s easy)
Just go to your inbox, open the confirmation email from the SIA, and click the link.
And that’s it!
PS: If you don’t see a confirmation email, please check your spam/junk or promotions folders. Sometimes the confirmation message ends up there by mistake.
Obtenez nos 7 études S.I.A. les plus controversées qui feront trembler la tête même les SEO les plus avancés d’incrédulité.
De plus, nous vous alerterons lorsque nous publierons de nouveaux tests au public.
Obtenga nuestros 7 estudios S.I.A. más controvertidos que harán que incluso el SEO más avanzado sacuda la cabeza con incredulidad.
Además, le avisaremos cuando publiquemos nuevas pruebas al público.
Get Our Most 7 Controversial S.I.A. Studies That Will Make Even the Most Advanced SEO Shake Their Head in Disbelief.
Plus we will alert you when we publish new tests to the public.
