
Tech Updates & Fixes

Yoast SEO <= 22.5 – 6.1 Vulnerability

Our managed hosting team is constantly working to resolve various issues to ensure our clients’ sites remain secure and functional. Recently, we addressed a vulnerability in the Yoast SEO plugin, identified as CVE-2024-4041. This vulnerability, present in all versions up to and including 22.5, allowed for reflected cross-site scripting through URLs due to inadequate input sanitization and output escaping. This issue enabled unauthenticated attackers to inject malicious web scripts into pages, potentially executing them if a user was tricked into clicking a link. We have resolved this problem to safeguard our clients’ websites from potential threats. We keep our clients informed about these updates to demonstrate our ongoing efforts to protect their sites.

Supreme Modules Lite <= 2.5.3 – 6.4 Vulnerability

At CourseVector, our managed hosting team is dedicated to monitoring and resolving issues to keep our clients’ websites running smoothly and securely. Recently, we addressed a security vulnerability (CVE-2024-4334) in the Supreme Modules Lite plugin for WordPress.

The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typing_cursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

By addressing such vulnerabilities, we safeguard our clients’ websites from potential threats. To ensure your site receives this level of vigilant protection, consider exploring our Managed WordPress hosting services.

Genesis Blocks <= 3.1.3 – CVE-2024-3563 (6.4)

Our managed hosting team at CourseVector is always on the lookout, fixing issues to ensure our clients’ websites run smoothly and securely. Recently, we addressed a vulnerability (CVE-2024-3563) in the Genesis Blocks plugin for WordPress.

The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


By promptly fixing such vulnerabilities, we protect our clients’ websites from potential threats. To have your site vigilantly protected like this, please take a look at our Managed WordPress hosting.

IQ Testimonials <= 2.2.7 – 9.8

Our team at CourseVector provides top-notch managed hosting services, constantly working behind the scenes to keep our clients’ websites secure and running smoothly.

We recently addressed a critical vulnerability in the IQ Testimonials plugin, where an issue in versions up to 2.2.7 allowed unauthenticated attackers to upload arbitrary files due to insufficient file type validation. This vulnerability, identified as CVE-2024-6314, could potentially lead to remote code execution if the ‘gd’ PHP extension is not loaded on the server.

By proactively resolving such high-risk issues, we ensure our clients’ sites remain protected, and we keep them informed about our diligent efforts in maintaining their online presence.

Modern Events Calendar <= 7.11.0 – 8.8

Our managed hosting team is always busy ensuring our clients’ websites are secure and running efficiently. We recently addressed a significant vulnerability in the Modern Events Calendar plugin, identified as CVE-2024-5441.

This flaw allowed authenticated users, including subscribers, to upload arbitrary files due to missing file type validation. Such uploads could potentially lead to remote code execution.

By promptly fixing this issue, we protected our clients’ sites from potential attacks. We take pride in reporting these fixes to our clients, showcasing our commitment to their website’s security and performance.

Contact Form 7 <= 5.9.4 – 6.1 vulnerability

The CourseVector team provides managed hosting, diving in to fix issues for our clients on a regular basis. Recently, we addressed a vulnerability in the Contact Form 7 plugin, which was susceptible to an unauthenticated open redirect in versions up to 5.9.4. This flaw, known as CVE-2024-4704, could allow attackers to redirect users to malicious sites by exploiting insufficient validation on the redirect URL. We promptly fixed this issue to protect our clients’ websites from potential threats and always keep them informed about our efforts to maintain the security and integrity of their online presence.

Happy Holidays!

With the holiday season upon us, our staff will be taking some time to relax and enjoy time with their families.

We may be a bit slower to respond during this period. If you haven’t gotten a response within 24 hours during our normal business hours, please use our support request form and indicate it is an emergency and someone will get back to you quickly.

 
