CVE-2022-0320: The Essential Addons for Elementor WordPress plugin before 5.0.5 is vulnerable to a local file inclusion (LFI) attack. It could be exploited by attackers to write their own content and gain access to the WordPress admin panel.


This could happen if an attacker uploads a PHP file to the wp-content/uploads directory, or to any other directory that holds user-uploaded files and has an unvalidated file in it.

An unauthenticated attacker can upload a PHP file or any other file with unvalidated data in it.

This update also fixes an XSS vulnerability via unvalidated input.

An unauthenticated attacker can inject XSS via unvalidated input.

If you’re using the Elementor WordPress plugin before 5.0.5 and have uploaded any file to the wp-content/uploads directory or any other directory that holds user uploads, you must update as soon as possible.

The other issue fixed in this update is an improper permission check in WP_Http::_charset_list() when used with WP_Http::_set_response_header().

This could allow an attacker to gain unauthorised access to the WP_Http class via unvalidated input.


WordPress v5.0.5

The new update fixes a cross-site scripting (XSS) vulnerability in the Elementor plugin via unvalidated input.

WP Auto Installer 2.0


This is a new release of WP Auto Installer, a plugin that automatically installs WordPress and other goodies like it.

Check the version of your WordPress plugin first

The latest version of Elementor is 5.0.5, so you must update it.

If you're using another WordPress plugin and find that it's vulnerable to CVE-2022-0320, check the version of your plugin first and update as soon as possible.
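
One way to script the version check described above, as an added example that is not the plugin's or WordPress's own code. It reads the standard "Version:" header from a plugin's main PHP file and compares it with 5.0.5, the fixed release named on this page; the directory, file name and header in the demo are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

FIXED_VERSION = "5.0.5"  # first fixed release named in the advisory text

# WordPress reads plugin metadata from a "Version:" line in the header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def read_plugin_version(main_file):
    """Return the Version header of a plugin's main PHP file, or None."""
    # WordPress itself only scans the first 8 KiB of the file for headers.
    head = Path(main_file).read_bytes()[:8192].decode("utf-8", "replace")
    match = HEADER_RE.search(head)
    return match.group(1) if match else None

def version_key(version, width=4):
    """'5.0.4' -> (5, 0, 4, 0). A suffix such as '-beta' is ignored."""
    nums = [int(re.match(r"\d*", part).group() or 0)
            for part in version.split(".")]
    return tuple((nums + [0] * width)[:width])

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed release."""
    return version_key(version) < version_key(fixed)

def audit(plugin_dir):
    """Find the file carrying the plugin header and report its status."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        version = read_plugin_version(php)
        if version is not None:
            return {"file": php.name, "version": version,
                    "vulnerable": is_vulnerable(version)}
    return None  # no plugin header found in this directory

if __name__ == "__main__":
    # Constructed sample: a stand-in plugin directory with a made-up header.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "example-plugin.php"
        sample.write_text("<?php\n/**\n * Plugin Name: Example Plugin\n"
                          " * Version: 5.0.4\n */\n")
        print(audit(tmp))
```

Point `audit()` at the plugin's folder under wp-content/plugins on a real site; a result of `None` means no header was found, so the version has to be confirmed another way.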
