Remote code Execution

Essential Addons for Elementor has a critical security hole

A critical security vulnerability was recently discovered in the Essential Addons for Elementor, a plugin that has over a million active installations on the WordPress plugin repository.  The plugin is used to “enhance your Elementor page building experience with 80+ creative elements and extensions“. One of those “creative elements” is the dynamic and product gallery …

Essential Addons for Elementor has a critical security hole Read More »

Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020–35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites making them vulnerable to attacks like phishing, complete site take-over, data-breach, phishing and credit card frauds. In this blog-post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites Read More »