
Tech Updates & Fixes

BuddyPress <= 12.4.1 – 6.4 vulnerability

Our managed hosting team is always on the job, fixing issues to keep our clients’ websites secure and running smoothly. For instance, we recently addressed a vulnerability in the BuddyPress plugin (CVE-2024-4892), which involved stored cross-site scripting through the ‘display_name’ parameter. This flaw, present in versions up to 12.4.1, allowed authenticated subscribers to inject malicious scripts. By proactively resolving such vulnerabilities, we ensure our clients’ sites remain protected, and we keep them informed about our ongoing efforts to maintain their online security.

Advanced Custom Fields <= 6.2.10 – 4.3 vulnerability

Our managed hosting team is always busy behind the scenes, fixing issues to keep our clients’ websites secure and efficient. Recently, we addressed a vulnerability in the Advanced Custom Fields (ACF) plugin for WordPress, specifically CVE-2024-4565. This flaw allowed authenticated users with contributor-level access to access arbitrary custom fields, potentially exposing sensitive information. We promptly resolved this issue to prevent any data leaks. We believe in keeping our clients informed about our efforts, ensuring they know their websites are in capable hands.

Advanced Custom Fields <= 5.10 – 7.5 vulnerability

Our managed hosting team is always at work, fixing issues and ensuring our clients’ websites run smoothly. Recently, we addressed a significant vulnerability in the Advanced Custom Fields plugin, specifically CVE-2021-20865, which involved a missing authorization flaw in versions up to 5.10. This issue allowed unauthorized users to access sensitive data, posing a serious security risk. By promptly resolving such vulnerabilities, we protect our clients’ websites from potential breaches and keep them informed about the continuous efforts we make to safeguard their online presence.

Bookly <= 23.2 – 6.4 vulnerability

Our team at CourseVector is dedicated to providing top-notch managed hosting services, and we are constantly working behind the scenes to ensure our clients’ websites are secure and performing optimally. Recently, we addressed a vulnerability in the WordPress Online Booking and Scheduling Plugin – Bookly, identified as CVE-2024-5584. This issue, present in versions up to 23.2, involved stored cross-site scripting (XSS) via the Color Profile parameter, which allowed authenticated attackers with subscriber-level access to inject malicious scripts. By promptly fixing such vulnerabilities, we prevent potential security breaches and keep our clients informed about the crucial work we do to protect their sites.

Astra <= 4.6.8 – 6.4 vulnerability

Our managed hosting team at CourseVector is always hard at work behind the scenes, fixing issues and ensuring your site runs smoothly. Recently, we addressed a vulnerability in the Astra theme, identified as CVE-2024-2347. This flaw allowed authenticated users with contributor-level access to exploit the display name field, injecting malicious scripts that could execute whenever someone accessed an affected page. By promptly fixing these kinds of vulnerabilities, we protect our clients’ websites from potential security threats and keep them informed about our continuous efforts to safeguard their online presence.

ShopLentor <= 2.9.0 – 6.4 vulnerability

Our managed hosting team is always hard at work, fixing issues to keep our clients’ sites secure and running smoothly. Recently, we addressed a vulnerability in the ShopLentor plugin (formerly WooLentor), specifically a stored cross-site scripting (XSS) issue in versions up to 2.9.0. This flaw, identified as CVE-2024-5530, allowed authenticated users with contributor-level access to exploit the WL Product Horizontal Filter Widget to inject malicious scripts. By proactively resolving such vulnerabilities, we ensure our clients’ websites remain safe and functional, and we keep them informed about our ongoing efforts to protect their online presence.

Happy Holidays!

With the holiday season upon us, our staff will be taking some time to relax and enjoy time with their families.

We may be a bit slower to respond during this period. If you haven’t gotten a response within 24 hours during our normal business hours, please use our support request form and indicate that it is an emergency, and someone will get back to you quickly.

 
