all InfoSec news
PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited
Malware Analysis, News and Indicators - Latest topics malware.news
Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files to vulnerable sites.
This allows unauthenticated attackers to upload PHP files containing malicious content, such as a backdoor, that makes remote code execution possible and leads to a complete compromise of the site. We have blocked …
actively exploited attackers aware critical exploited file files file upload intelligence october plugin psa royal team threat threat intelligence today unauthenticated upload vulnerability wordfence wordpress wordpress plugin