WordPress plugin Essential Addons for Elementor as a malicious code slingshot

Admins who use the Essential Addons for Elementor plugin to design their WordPress site should update the software. Under certain conditions, attackers could execute malicious code.

According to a report by security researchers from Patchstack, websites are only vulnerable if the Dynamic Gallery and Product Gallery widgets are active in addition to the plugin. In that case, errors occur when user input is processed in PHP's include function.

Certain inputs could trigger a local file inclusion attack. Attackers can use this to trick a web server into executing files infected with malicious code. The vulnerability (CVE-2022-0320) is classified with a threat level of “high”.
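
As an added illustration (not code from the plugin or from the Patchstack report), the PHP sketch below contrasts the weak pattern described above, a request value passed to `include`, with an allowlist and path-containment check. The function names, template names and demo directory are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. All names and paths are hypothetical.

const ALLOWED_TEMPLATES = ['grid', 'masonry']; // assumed layout names

// Weak pattern: a request value flows straight into the include path,
// so the caller, not the code, decides which file PHP executes.
function render_unsafe(string $root, string $name): void
{
    include $root . '/' . $name . '.php';
}

// Hardened pattern: allowlist the name, then confirm the resolved path
// is still inside the template root before including it.
function resolve_template(string $root, string $name): ?string
{
    if (!in_array($name, ALLOWED_TEMPLATES, true)) {
        return null;                        // unknown name: refuse
    }
    $base = realpath($root);
    $path = realpath($root . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;                        // root or file does not exist
    }
    // Containment check; also catches symlinks that leave the root.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function render_safe(string $root, string $name): bool
{
    $path = resolve_template($root, $name);
    if ($path === null) {
        error_log('template rejected: ' . json_encode($name)); // detection signal
        return false;
    }
    include $path;
    return true;
}

// Constructed demo: a temporary template root with one legitimate template,
// exercised with one allowed name and one constructed traversal-style value.
$root = sys_get_temp_dir() . '/ea_demo_templates';
@mkdir($root);
file_put_contents($root . '/grid.php', '<?php echo "grid layout\n";');
foreach (['grid', '../../wp-config'] as $input) {
    var_dump(render_safe($root, $input));
}
```

The rejected name is written to the error log, which gives operators a signal to alert on.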

According to WordPress, the plugin has more than 1 million active installations. The developers state that Essential Addons for Elementor 5.0.5 is prepared against such attacks. All previous releases are supposed to be vulnerable.

