
Tech Updates & Fixes

Essential Addons for Elementor <= 5.9.23 – 6.4 vulnerability

The CourseVector team is always hard at work providing managed hosting, frequently stepping in to fix issues for our clients. Recently, we addressed a significant vulnerability in the Essential Addons for Elementor plugin, specifically a stored cross-site scripting (XSS) issue identified as CVE-2024-5189. This flaw, present in versions up to 5.9.23, allowed authenticated users with Contributor-level access to inject malicious scripts via the ‘custom_js’ parameter. Our proactive approach ensures that these vulnerabilities are swiftly resolved, maintaining the security and performance of our clients’ websites. We report these fixes to keep our clients informed and confident in our continuous efforts to protect their online presence.

Supreme Modules Lite <= 2.5.51 – 6.4 vulnerability

Our managed hosting team is always hard at work, constantly fixing issues for our clients to ensure their websites run smoothly. Recently, we addressed a vulnerability in the Supreme Modules Lite plugin for the Divi Theme, Extra Theme, and Divi Builder. This particular issue, CVE-2024-5501, involved stored cross-site scripting via the ‘button_one_id’ parameter in versions up to 2.5.51. This flaw allowed authenticated users with contributor-level access to inject malicious scripts that could execute whenever a user accessed the affected page. By resolving these types of vulnerabilities, we protect our clients’ sites from potential security threats and keep them informed about the diligent work we do behind the scenes.

Essential Addons for Elementor <= 5.8.15 – 6.4 vulnerability

At CourseVector, our managed hosting team is always busy ensuring client websites are secure and efficient. We recently addressed a vulnerability in the Essential Addons for Elementor Pro plugin, specifically a stored cross-site scripting issue in the Lightbox & Modal widget (CVE-2024-5612). This flaw allowed users with Contributor-level access to inject malicious scripts via the ‘eael_lightbox_open_btn_icon’ parameter. By swiftly resolving such vulnerabilities, we protect our clients’ sites from potential attacks and keep them informed about our ongoing efforts to maintain and improve their online presence.

Ocean Extra <= 2.2.4 – 6.4 vulnerability

The CourseVector team is always busy with our managed hosting services, regularly fixing issues to keep our clients’ websites secure and efficient. Recently, we resolved a vulnerability in the Ocean Extra plugin (CVE-2024-1277), which involved stored cross-site scripting (XSS) through custom fields in versions up to 2.2.4. This flaw allowed users with contributor-level access to inject harmful scripts. By addressing such vulnerabilities promptly, we ensure our clients’ sites remain protected and inform them of our ongoing efforts to maintain their online safety and performance.

Download Manager <= 3.2.90 – 6.4 vulnerability

Our team at CourseVector is dedicated to providing top-notch managed hosting services, constantly monitoring and resolving issues to keep our clients’ websites secure and running smoothly. Recently, we addressed a vulnerability in the Download Manager plugin for WordPress, where versions up to 3.2.90 were susceptible to stored cross-site scripting (XSS) via the ‘wpdm-all-packages’ shortcode. This vulnerability, identified as CVE-2024-4160, allowed authenticated users with contributor-level access to inject malicious scripts. By promptly fixing such vulnerabilities, we ensure our clients’ sites remain protected, and we keep them informed about our continuous efforts to safeguard their online presence.

PDF.js < 4.2.67 – 6.4 vulnerability

The CourseVector team excels in managed hosting, constantly diving in to resolve issues for our clients. For instance, we recently tackled a vulnerability in PDF.js (versions prior to 4.2.67) that allowed authenticated users with contributor-level permissions to execute arbitrary JavaScript via crafted PDF files. This flaw, known as CVE-2024-4367, stemmed from a missing type check when handling fonts, posing significant security risks. By swiftly addressing such vulnerabilities, we ensure our clients’ websites remain secure and functional. We always keep our clients informed about our proactive measures, showcasing our dedication to their online safety and performance.

Happy Holidays!

With the holiday season upon us, our staff will be taking some time to relax and enjoy time with their families.

We may be a bit slower to respond during this period. If you haven’t gotten a response within 24 hours during our normal business hours, please use our support request form and indicate it is an emergency, and someone will get back to you quickly.

 
