
Tech Updates & Fixes

Advanced File Manager <= 5.2.4 – 7.5 vulnerability

Our managed hosting team is always busy fixing issues to keep our clients’ websites secure and efficient. Recently, we addressed a significant vulnerability in the Advanced File Manager plugin, identified as CVE-2024-5598. This issue exposed sensitive information through insecure directory listing, allowing unauthenticated attackers to access critical data in versions up to 5.2.4. By resolving such vulnerabilities, we ensure our clients’ data remains protected and their sites run smoothly, and we keep our clients updated on our proactive measures to maintain their online security.

Slider, Gallery, and Carousel by MetaSlider <= 3.70.0 – 6.4 vulnerability

Our managed hosting team is always on the job, fixing issues and ensuring our clients’ websites run smoothly. Recently, we addressed a vulnerability in the MetaSlider plugin, where versions up to 3.70.0 had a stored cross-site scripting (XSS) issue through the ‘metaslider’ shortcode. This flaw allowed authenticated users with contributor-level access to inject harmful scripts. By identifying and resolving such vulnerabilities, we keep our clients’ sites secure and continually update them on our proactive efforts.

Page Builder by SiteOrigin <= 2.29.6 – 6.4 vulnerability

Our managed hosting team is always on the move, fixing various issues to keep our clients’ sites running smoothly and securely. Recently, we addressed a vulnerability in the Page Builder by SiteOrigin plugin, specifically a stored cross-site scripting (XSS) issue in the legacy Image widget. This vulnerability, identified as CVE-2024-2202, affected versions up to 2.29.6 and allowed authenticated users with contributor-level access to inject malicious scripts. We resolved this issue to protect our clients’ websites from potential threats. We make sure to report these fixes to our clients, so they know we are diligently working behind the scenes to maintain their site’s integrity.

ElementsKit PRO <= 3.6.1 – 8.5 vulnerability

Our managed hosting team is always hard at work, ensuring our clients’ websites remain secure and efficient. Recently, we addressed a critical issue in the ElementsKit PRO plugin, identified as CVE-2024-4404. This server-side request forgery (SSRF) vulnerability allowed authenticated users with contributor-level permissions to exploit the ‘render_raw’ function, potentially making unauthorized web requests and manipulating internal services. By fixing vulnerabilities like this, we not only protect our clients’ sites from potential attacks but also keep them informed about our continuous efforts to safeguard their online presence.

Slider Revolution <= 6.7.10 – 6.4 vulnerability

Our managed hosting team is always on the job, ensuring our clients’ websites are secure and running smoothly. Recently, we addressed a stored cross-site scripting (XSS) vulnerability in the Slider Revolution plugin, identified as CVE-2024-4637. This issue allowed authenticated users with contributor-level access to exploit the Elementor ‘wrapperid’ and ‘zindex’ attributes to inject malicious scripts. By promptly fixing such vulnerabilities, we protect our clients’ sites from potential attacks and keep them updated on our continuous efforts to maintain and secure their online presence.

Divi Torque Lite <= 3.6.6 – 6.4 vulnerability

Our managed hosting team at CourseVector is constantly at work, resolving issues to ensure our clients’ websites remain secure and functional. Recently, we addressed a significant vulnerability in the Divi Torque Lite plugin, identified as CVE-2024-5892. This flaw, present in versions up to 3.6.6, allowed authenticated users with author-level permissions to exploit the ‘support_unfiltered_files_upload’ function to inject malicious scripts via SVG uploads. By promptly fixing such vulnerabilities, we protect our clients’ sites from potential threats and keep them informed about our ongoing efforts to safeguard their online presence.

Happy Holidays!

With the holiday season upon us, our staff will be taking some time to relax and enjoy time with their families.

We may be a bit slower to respond during this period. If you haven’t gotten a response within 24 hours during our normal business hours, please use our support request form and indicate that it is an emergency, and someone will get back to you quickly.

 
