"Critical Flaw Impacts WordPress Plugin With 1 Million Installations"

Security firm Patchstack has discovered that over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin. Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts. The security flaw affects version 5.0.4 and earlier of the plugin and allows any user to perform a local file inclusion attack, regardless of their authentication or authorization level. The attack could then lead to remote code execution if the included file contains malicious PHP code. A complete patch was released last week when Essential Addons for Elementor version 5.0.5 was rolled out. The researchers stated that more than 400,000 websites have already updated their installations to the patched version of the plugin, but over 600,000 of them remain potentially vulnerable.

 

SecurityWeek reports: "Critical Flaw Impacts WordPress Plugin With 1 Million Installations"

Submitted by Anonymous on