600K WordPress Sites Impacted By Critical Plugin RCE Vulnerability

Essential Addons for Elementor, a popular WordPress plugin used on over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. The flaw allows an unauthenticated user to perform a local file inclusion attack, in which a local file such as a PHP file is included, to execute code on the site.

Experts Comments

February 01, 2022
Pravin Madhani
Co-founder and CEO
K2 Cyber Security

WordPress powers as much as a third of all websites on the Internet, including some of the most highly trafficked sites and a large percentage of eCommerce sites, so WordPress security should be of top concern to organizations.

In particular, remote code execution (RCE) vulnerabilities, such as the one found in the popular WordPress plugin Essential Addons for Elementor, are one of the most dangerous vulnerabilities, because they give the attacker the ability to run almost any code on the hacked site. Flaws like RCE and XSS (Cross Site Scripting) have long been listed on the OWASP Top 10, so why aren’t WordPress web sites better equipped to protect against these attacks?

The simplest thing any organization can do to help reduce vulnerabilities is to keep their code (WordPress, plugins, SQL server-MySQL/MariaDB, web server-NGINX/Apache) up to date and patched. In addition, enterprises should add runtime application security solutions which will protect against attacks exploiting OWASP and other critical vulnerabilities, and provide virtual patches for applications.
