Internet is under the threat of WordPress websites security issues due to a recent attack on the plugin. WordPress is a host plugin for more than one million websites all around the world. Thus, this recent attack has increased the vulnerability of all the websites to face some malicious activities to the site as well as the computer. Essential Addons for Elementors has carried this attack to WordPress.
Basically, Essential Addons For Elementors is an extension for WordPress. Essential addons for Elementors provide easy-to-use elements to the users. This elementor plugin was carrying a critical Remote Code Execution (RCE). This RCE is a flaw that allows the local file inclusion vulnerability that allows attackers to get access to the unauthorized files on your website.
What is The WordPress Websites Security Issue?
RCE attack is a malware function that allows the attackers to integrate a code into your system. The code can cause malfunction in your website to allow the malicious attackers to access files in your website and computer.
The cyber security researcher, Wai Yan Muo Thet on January 25th, 2022. He reported about this attack to PatchStack. PatchStack is a security plugin that safeguards WordPress from plugin vulnerabilities. PatchStack also got a virtual update on the same date.
Before this attack became viral, the owners of WPDevelopers had predicted this situation and tried their best to avoid it. But, two of their attempts became unsuccessful in preventing this malicious attack.
PatchStack clarified that the attack occurred because of the use of dynamic gallery and product gallery widgets. Both these widgets have vulnerability functions which caused the WordPress websites security issues.
It also stated, “This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack. This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed.”
To mitigate this vulnerability, the updated versions 5.0.0 and 5.0.4 plugins tried to resolve the issue bit in vain. Then, the researchers introduced a different version which is 5.0.5 that resolved the issue.
As a large number of websites use Essential Addons for Elementor, the version has tried to curb the issue. According to reports, 400,00 websites have updated their patch version while the rest of them still remain under threat of vulnerability. If they update their version, they can protect their systems and websites from this WordPress websites security issues.