Hundreds of thousands of websites are now insecure

File Inclusion Vulnerability

This flaw allows an unauthorized attacker to perform a local file inclusion attack, for example with a PHP file, and thus execute code on that website and compromise its security. Keep in mind that this plugin is used by hundreds of thousands of sites, so many are vulnerable.

According to the security researchers behind this discovery, the attack requires that the website has certain widgets enabled, such as the dynamic gallery and product gallery. In that case, the token would not be enabled for verification.

Bear in mind that this is not the first time we have come across a problem of this type affecting a WordPress plugin. In fact, we have always recommended not installing more plugins than necessary, as they can be an entry point for attackers. It is essential to keep them updated, download them from official sources, and review them constantly to avoid these vulnerabilities.

If an attacker manages to exploit a flaw of this type, it will affect the performance of that website, its positioning in search engines, and the image of the brand. It can also put the security of visitors at risk, since attackers can sneak in malicious code that redirects to fraudulent pages, serves files that are actually viruses, etc.

How to fix this issue

Fortunately, fixing this vulnerability and many similar ones that can compromise the security of web pages is simple. Normally there are patches and updates that correct these bugs. In this case, those responsible for the WordPress plugin released several updates until they finally managed to solve the problem.

That is why it is essential to keep everything updated to the latest version. In this case we are talking about WordPress plugins, but the same applies to any other program or service we use day to day, whether to browse the Internet, host a web page, or run any other platform.

In the case of the Essential Addons for Elementor plugin, version 5.0.5 fixes this vulnerability. If you have it installed on your website, verify that you have at least that version installed to avoid security problems.
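One way to run that check from a shell, as an added example that is not from the article or the plugin's developers: it reads the `Version:` header of a plugin's main PHP file and compares it with 5.0.5. The file path you pass in, the function names, and the sample headers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare an installed plugin's header version with the fixed release.
FIXED_VERSION="5.0.5"   # fixed version stated in the article

# Print the "Version:" field from a WordPress plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2. Fields are compared
# as numbers, so 5.0.10 counts as newer than 5.0.5 (a string compare gets this wrong).
version_lt() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Report on one plugin main file (hypothetical path supplied by the caller).
# Exit status: 0 = fixed version or newer, 1 = older than the fix, 2 = no version found.
check_plugin() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"; return 2; fi
    if version_lt "$v" "$FIXED_VERSION"; then echo "VULNERABLE $v"; return 1; fi
    echo "OK $v"
}

# Constructed sample input: a minimal plugin header carrying the given version.
make_sample() {
    printf '<?php\n/**\n * Plugin Name: Essential Addons for Elementor\n * Version: %s\n */\n' "$2" > "$1"
}

# Demo on constructed files; on a real site, pass the plugin's main PHP file instead.
tmp=$(mktemp -d)
for ver in 5.0.4 5.0.5 5.0.10; do
    make_sample "$tmp/$ver.php" "$ver"
    check_plugin "$tmp/$ver.php" || true
done
rm -rf "$tmp"
```

The non-zero exit status for an outdated copy lets the check run from cron or a deployment script and fail loudly.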

This vulnerability is still present in more than 600,000 WordPress sites. It is estimated that just over a million sites have this plugin, but only 380,000 have installed the latest versions and corrected the vulnerability. Therefore, hundreds of thousands are still vulnerable. It is important to know how you can be hacked when browsing and how to stay protected.