A critical WordPress plugin RCE (remote code execution) vulnerability has been identified in versions 5.0.4 and older of Essential Addons for Elementor, a well-known library.
How Does the WordPress Plugin RCE Work?
The WordPress plugin RCE lets an unauthenticated user carry out a local file inclusion attack, for instance against a PHP file, in order to execute code on the website.
The flaw in the popular WordPress plugin was discovered by researchers from PatchStack.
They further explained the reason for the existence of this flaw and the conditions under which it occurs.
The local file inclusion vulnerability exists due to the way user input data is used inside of PHP’s include function that are part of the ajax_load_more and ajax_eael_product_gallery functions. (…) It should be noted that the vulnerability only exists if widgets (dynamic gallery, product gallery) are used which utilize these functions due to the fact that a nonce token check is present. This nonce token is only visible when these widgets are enabled.
The experts also provided some examples of code snippets that trigger the plugin remote code execution flaw in WordPress.
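For defenders, the sketch below shows how a template name taken from a request can be validated before it reaches `include`. It is an added example, not the researchers' snippets or the plugin's code, and `resolve_template`, the template name `grid` and the temporary directory are hypothetical.

```php
<?php
// Added example: every name here is hypothetical, none comes from the plugin.
//
// Unsafe pattern of the kind described above: request data reaches include(),
// so the requester chooses which local file PHP executes.
//   include $baseDir . '/' . $_POST['template'] . '.php';

/** Map a user-supplied template name to a file under $baseDir, or null. */
function resolve_template(string $name, string $baseDir): ?string
{
    // 1. Strict syntax: a bare name with no separators, dots or null bytes.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() returns false for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must sit under the base directory,
    //    which also rejects symlinks that point somewhere else.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: one real template in a throwaway directory.
$dir = sys_get_temp_dir() . '/tpl_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/grid.php', '<?php echo "grid\n";');

foreach (['grid', '../grid', 'grid.php', 'missing'] as $name) {
    $ok = resolve_template($name, $dir) !== null;
    printf("%-10s %s\n", $name, $ok ? 'allowed' : 'rejected');
}

unlink($dir . '/grid.php');
rmdir($dir);
```

Only `grid` is allowed: the other three names fail either the syntax check or the `realpath()` lookup, so nothing outside the template directory is ever passed to `include`.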
Twice Patched, Twice Failed