via wptavern.com
Essential Addons for Elementor, a popular plugin with more than a million active installs, has patched a critical vulnerability that would allow for a local file inclusion attack.
The vulnerability was discovered by security researcher Wai Yan Myo Thet and reported to Patchstack on January 25, 2022. Patchstack customers received a virtual patch the same day. The issue was already known to the plugin’s developers, WPDeveloper, who issued two insufficient patches before it was ultimately fixed in version 5.0.5.
Patchstack published a summary of the vulnerability and explained how WordPress sites using the plugin could be compromised: