WordPress vulnerability can cause execution attacks

A WordPress vulnerability affects one million or more sites and holds the potential for remote code execution attacks. The flaw in the Essential Addons for Elementor plugin can allow malicious attackers to run arbitrary code, putting WordPress websites that use it at stake.

NIST, on its U.S. Government website, brought forward the vulnerability in the Elementor addon. Attackers can launch a Local File Inclusion attack, which can expose sensitive information from the website by letting them read arbitrary files.

That attack can also lead to Remote Code Execution (RCE), which is a serious attack. It gives the attacker full control over the WordPress site and leaves the website vulnerable to all kinds of damage.

Local File Inclusion works as follows: the attacker changes the URL parameters to make the site reveal information.

This became possible because Essential Addons did not validate and sanitize data. Sanitization limits what data can be input. It works like a lock: it accepts only specific input that matches a specific pattern and fails everything else.

The 5.0.5 Essential Addons allow Local File Inclusion attacks. The failure to sanitize data is the reason. The National Vulnerability Database announced the vulnerability on February 1, 2022. According to the Essential Addons Lite changelog, the Lite version accounted for the vulnerabilities in January.

The changelog records all the changes made in every version. However, it brought forward only a few bugs and did not call out any security fixes.

WPScan first identified and reported the vulnerability. They published the description stating, “The plugin does not validate and sanitize some template data before using them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server.”
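One way to validate a template name before it reaches an include statement, as an added example that is not Essential Addons code: the name is checked against a pattern, an allow-list and the template directory. The function name `resolve_template`, the template names and the demo directory are hypothetical.

```php
<?php
// Added example; not Essential Addons code. Template names are hypothetical.
const ALLOWED_TEMPLATES = ['grid', 'list', 'masonry'];

/** Return the absolute path of an allowed template, or null to refuse it. */
function resolve_template(string $baseDir, $name): ?string
{
    // 1. Pattern: a short slug only, so no slashes, dots, or null bytes.
    if (!is_string($name) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. Allow-list: the slug must be a template the plugin actually ships.
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        return null;
    }
    // 3. Containment: realpath() resolves symlinks and "..", and returns
    //    false for a missing file; the result must sit inside $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway template directory and sample inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'grid.php', "<?php echo 'grid';\n");

foreach (['grid', 'list', 'Grid', 'grid.php', '../outside', ['grid']] as $input) {
    $path = resolve_template($dir, $input);
    printf("%-22s %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'refused' : 'include ' . basename($path));
}

unlink($dir . DIRECTORY_SEPARATOR . 'grid.php');
rmdir($dir);
```

Only a non-null return value would be handed to `include`. In the demo, `list` passes the allow-list but is still refused because no such file exists in the directory.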

There are no severity scores available yet. It is essential that WordPress users update to the very latest version. The latest version no longer includes the vulnerabilities.