PHP Object Injection vulnerability in WordPress Themesflat Addons For Elementor Plugin

A PHP Object Injection vulnerability has been identified in the WordPress Themesflat Addons For Elementor Plugin. This vulnerability allows an attacker to inject arbitrary PHP code into the affected website, potentially compromising the security of the website and its visitors. This high-severity plugin vulnerability was detected and responsibly disclosed by Robert Rowley.

The vulnerability is a PHP Object Injection vulnerability that occurs in the class-tesflat-addons-for-elementor.php file. The vulnerability allows an attacker to inject arbitrary PHP code into the affected website by specifying a specially crafted URL in the id parameter of the get_addons function.

Severity:

The vulnerability has a CVSS 3.1 score of 8.3, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects WordPress websites that use the Themesflat Addons For Elementor Plugin prior to version 2.0.1.

Impact:

An attacker who successfully exploits this vulnerability could inject arbitrary PHP code into the affected website, which could then be executed by any visitor to the website. This could lead to a variety of security risks, such as:

Code execution
Data exfiltration
Denial of service
Phishing attacks
Malware infections

Recommendation:

Given the high severity of this vulnerability, immediate action is essential to protect the WordPress website:

Update Immediately: Ensure Themesflat Addons For Elementor Plugin is updated to at least version 2.0.1, or the most recent available version.
Regular Security Audits: Regularly conduct comprehensive security audits on the WordPress website. Identifying and addressing vulnerabilities proactively is essential to maintain a robust security posture.
Stay Informed: Stay informed about official updates or advisories associated with the Themesflat Addons For Elementor Plugin. Timely updates and heightened awareness are pivotal for preserving the website’s security.

PHP Object Injection vulnerability in WordPress Themesflat Addons For Elementor Plugin

Severity:

Affected Versions:

Impact:

Recommendation:

Related Articles

SQL Injection vulnerability in WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin

WordPress Soisy Pagamento Rateale Plugin Broken Access Control Vulnerability

Critical XSS Vulnerability Discovered in Elementor Addon Elements Plugin

Protect Your Website from High-Severity XSS Vulnerability in Gallery Bank Plugin

Remote Code Execution (RCE) vulnerability in WordPress File Manager Pro Plugin

Cross-Site Scripting (XSS) vulnerability in WordPress Locatoraid Store Locator Plugin

Categories

Latest Blog Updates

Unmasking a Persistent Malware Attack on a WordPress Website

Investigating and Resolving High CPU Usage in WordPress Due to Malicious Crawlers

Unmasking a Hidden Malware Attack Targeting Users from Search Results

Critical Broken Access Control Vulnerability in WP Travel Plugin

Critical Broken Access Control Vulnerability in WooODT Lite Plugin

Critical Local File Inclusion Vulnerability in HTML filter and csv-file search Plugin

Critical Remote Code Execution Vulnerability in PHP to Page Plugin