WordPress Websites Security Issues Expose Millions of Sites to Hackers

TechnologyWordPress Websites Security Issues Expose Millions of Sites to Hackers

Internet is under the threat of WordPress websites security issues due to a recent attack on the plugin. WordPress is a host plugin for more than one million websites all around the world. Thus, this recent attack has increased the vulnerability of all the websites to face some malicious activities to the site as well as the computer. Essential Addons for Elementors has carried this attack to WordPress.

Basically, Essential Addons For Elementors is an extension for WordPress. Essential addons for Elementors provide easy-to-use elements to the users. This elementor plugin was carrying a critical Remote Code Execution (RCE). This RCE is a flaw that allows the local file inclusion vulnerability that allows attackers to get access to the unauthorized files on your website.

What is The WordPress Websites Security Issue?

WordPress websites security issues

RCE attack is a malware function that allows the attackers to integrate a code into your system. The code can cause malfunction in your website to allow the malicious attackers to access files in your website and computer.

The cyber security researcher, Wai Yan Muo Thet on January 25th, 2022. He reported about this attack to PatchStack. PatchStack is a security plugin that safeguards WordPress from plugin vulnerabilities. PatchStack also got a virtual update on the same date.

Before this attack became viral, the owners of WPDevelopers had predicted this situation and tried their best to avoid it. But, two of their attempts became unsuccessful in preventing this malicious attack.

PatchStack Involvement

WordPress websites security issues

PatchStack clarified that the attack occurred because of the use of dynamic gallery and product gallery widgets. Both these widgets have vulnerability functions which caused the WordPress websites security issues.

It also stated, “This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack. This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed.”

To mitigate this vulnerability, the updated versions 5.0.0 and 5.0.4 plugins tried to resolve the issue bit in vain. Then, the researchers introduced a different version which is 5.0.5 that resolved the issue.

As a large number of websites use Essential Addons for Elementor, the version has tried to curb the issue. According to reports, 400,00 websites have updated their patch version while the rest of them still remain under threat of vulnerability. If they update their version, they can protect their systems and websites from this WordPress websites security issues.

Duaa Naeem
Duaa Naeem
Dua is a seasoned writer who loves to write on Pakistani Entertainment and Infotainment while having her Masters in English literature

Must read

Recent News

Azerbaijani people commemorate National Leader Heydar Aliyev

Azerbaijani people commemorate National Leader Heydar Aliyev

0
Monitoring Desk: Every year Azerbaijani people on December 12 commemorate the death anniversary of Azerbaijani Great Leader Heydar Aliyev.Today, 21 years have passed since...

A doomed PTI is eager to talk with the government

0
Monitoring Desk: After trying various tactics, PTI is eager to talk to the government and is making every effort to get a positive response...
Hemani “Power Plus”

Hemani “Power Plus” become first Pakistani product registered in UAE

0
Monitoring Desk: Hemani “Power Plus” has become the first Pakistani product registered in the UAE.

Syrian disorder shows why the Armed Forces are essential for social order

0
DND Special ReportThe Middle East is volatile again and a kind of “Islamic Colour Revolution” has collapsed the state institutions where the swift...

Once again media bias targets Pakistan with unsupported content about PTI’s November 24 protest

0
Monitoring Desk: Pakistan has always been under the target of biased media a textbook example of how certain groups, individuals, and countries can try...
Advertisement