Offer Ends in:

* Discount will be auto applied.

Special Offer - UP TO 45% off​
Offer Ends in:

* Discount will be auto applied.

1+ Million websites impacts due to Critical RCE WordPress plugin Essential Addons for Elementor

A popular WordPress plugin has active install more than a million and has patched a critical vulnerability that would allow for a local file inclusion attack.

Essential Addons for Elementor one of the most popular WordPress Plugin Patches Critical Security Vulnerability.

Security researcher Wai Yan Myo discovered the vulnerability and reported it to Patchstack on January 25, 2022. As soon as issues were known to the WPDeveloper who issued two insufficient patches before it was finally fixed in version 5.0.5

According to report this vulnerability allows any user, to perform a local file inclusion attack regardless of their authentication. This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed.

The primary impact was only for those users who have the dynamic gallery and product gallery widgets in their posts.

When we looked at the plugin’s changelog it likely seems like an enhancement rather than a serious security concern, just going through the changelog user may not be fully aware that they need to update the plugin. But it is highly recommended to update the plugin.

The version below 5.0 is considered vulnerable

According to stats, approximately 54% of the plugin’s users are running an older version than 5.0.5

These stats show that there are still half a million users who are still in the vulnerable zone if they have used those specific widgets. What we recommend is simply updating the plugin as soon as possible.

Leave a Comment

Your email address will not be published. Required fields are marked *

Important Notice: AppSumo Purchase Account Information

Dear Sumo-ling,

We want to keep you updated on your AppSumo LTD user account status. Currently, your account has not been set up on our platform.
But, here’s some exciting news we’d like to share with you!
We are actively developing a new Dashboard feature that will soon empower you to:

Easily log in to your account.

Manage your downloads

Access your license keys

We sincerely appreciate your patience, and we promise to notify you promptly as soon as the Dashboard becomes available for your use.

We also understand that currently, you rely on the email you received during the redemption process. If the download link in your email ever expires, please don’t hesitate to reach out to our support team, and they’ll assist you in obtaining a new download link.
We genuinely appreciate your support and understanding. Thank you!

Join our Thriving Community

Regular Users

LTD Users