WordPress Websites Security Issues Expose Millions of Sites to Hackers

TechnologyWordPress Websites Security Issues Expose Millions of Sites to Hackers

Internet is under the threat of WordPress websites security issues due to a recent attack on the plugin. WordPress is a host plugin for more than one million websites all around the world. Thus, this recent attack has increased the vulnerability of all the websites to face some malicious activities to the site as well as the computer. Essential Addons for Elementors has carried this attack to WordPress.

Basically, Essential Addons For Elementors is an extension for WordPress. Essential addons for Elementors provide easy-to-use elements to the users. This elementor plugin was carrying a critical Remote Code Execution (RCE). This RCE is a flaw that allows the local file inclusion vulnerability that allows attackers to get access to the unauthorized files on your website.


What is The WordPress Websites Security Issue?

WordPress websites security issues

RCE attack is a malware function that allows the attackers to integrate a code into your system. The code can cause malfunction in your website to allow the malicious attackers to access files in your website and computer.

The cyber security researcher, Wai Yan Muo Thet on January 25th, 2022. He reported about this attack to PatchStack. PatchStack is a security plugin that safeguards WordPress from plugin vulnerabilities. PatchStack also got a virtual update on the same date.

Before this attack became viral, the owners of WPDevelopers had predicted this situation and tried their best to avoid it. But, two of their attempts became unsuccessful in preventing this malicious attack.

PatchStack Involvement

WordPress websites security issues

PatchStack clarified that the attack occurred because of the use of dynamic gallery and product gallery widgets. Both these widgets have vulnerability functions which caused the WordPress websites security issues.

It also stated, “This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack. This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed.”

To mitigate this vulnerability, the updated versions 5.0.0 and 5.0.4 plugins tried to resolve the issue bit in vain. Then, the researchers introduced a different version which is 5.0.5 that resolved the issue.

As a large number of websites use Essential Addons for Elementor, the version has tried to curb the issue. According to reports, 400,00 websites have updated their patch version while the rest of them still remain under threat of vulnerability. If they update their version, they can protect their systems and websites from this WordPress websites security issues.

Duaa Naeem
Duaa Naeem
Dua is a seasoned writer who loves to write on Pakistani Entertainment and Infotainment while having her Masters in English literature

Must read

Recent News

Passing Out Parade of Cadets held at PMA Kakul

The Passing Out Parade of Cadets of 149th PMA Long Course, 14th Mujahid Course, 68th Integrated Course and 23rd Lady Cadet Course was held...

Aurangzeb meets AIIB President & IFC Managing Director in Washington DC

WASHINGTON DC: The Finance Minister Muhammad Aurangzeb met with the Asian Infrastructure Investment Bank (AIIB) President Jin Liqun on the sidelines of the World...

USD to PKR: USD Dollar Rate in Pakistan Today – 20 April 2024

The US Dollar (USD) was being bought and sold at Rs 277.6 and Rs 280.35 in the Open Market against the Pakistani Rupee (PKR)...

Gold Price in Pakistan Today – 20 April 2024

On Saturday (April 20, 2024), the gold rate for one tola of 24-karat in Karachi, Pakistan, is Rs 242,600.000.It's important to note that gold...

The silence of Kashmir, and the dangerous falsehoods of democracy, development, peace

The Indian state has papered over the silence of the media to push through a false narrative of development, democracy, and progress in Kashmir,...