PSA: Critical Unauthenticated Arbitrary File Upload Vulnerability in Royal Elementor Addons and Templates Being Actively Exploited | allinfosecnews.com

Oct. 13, 2023, 9:50 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files to vulnerable sites.

This allows unauthenticated attackers to upload PHP files containing malicious content, such as a backdoor, that makes remote code execution possible and leads to a complete compromise of the site. We have blocked …

actively exploited attackers aware critical exploited file files file upload intelligence october plugin psa royal team threat threat intelligence today unauthenticated upload vulnerability wordfence wordpress wordpress plugin

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Security above all else—expanding Microsoft’s Secure Future Initiative an hour ago | malware.news

cyberattacks cybersecurity future high +11

FBI warns of email spoofing by North Korean threat actor Kimsuky 4 hours ago | malware.news

actor article dmarc domains +16

You get a passkey, you get a passkey, everyone should get a passkey 8 hours ago | malware.news

accounts can consumer cracked +10

Attackers evade detection by leveraging Microsoft Graph API 8 hours ago | malware.news

api article attackers cloud +15

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 9 hours ago | malware.news

article cisco credit credit monitoring +8

Code faster with generative AI, but beware the risks when you do 9 hours ago | malware.news

article can code coding +13

Proposed Bill Focuses on Voluntary AI Security Incident Reporting 9 hours ago | malware.news

ai security bill companies cybersecurity +21

The impact of automating open source dependency management 9 hours ago | malware.news

article business consuming customer +12

Diffusione di malware Keylogger tramite falsa pagina di Agenzia delle Entrate – PuntoFisco 11 hours ago | malware.news

agenzia delle entrate article cert con +5

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164

View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057

View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States

View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172

View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote

View on infosec-jobs.com