ShieldNOTES Ep#16: Lots of Elementor Vulnerabilities; htaccess; and TicketMaster

June 3, 2024 by Paul G. | Security, ShieldNOTES

There are quite a few Elementor-related vulnerabilities published in the last week. 1 is particularly severe.

We also share an article from our blog that you’ll find interesting, and there’s a big TicketMaster breach to be aware of.

#1 – Vulnerable: Unlimited Elements For Elementor Plugin

Critical site-takeover vulnerability with 200,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v1.5.91+

What’s the risk?
Severity risk 9.9/10 – Remote Code Execution – an attacker can gain backdoor access to then take full control of the website!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: More Elementor Plugins

Happy Addons for Elementor (XSS)
Upgrade to v3.11.0; Severity 6.5; Info

Premium Addons for Elementor (Borken Access Control)
Upgrade to v4.10.32; Severity: 4.3; Info

Essential Addons for Elementor (XSS)
Upgrade to 5.9.22; Severity: 6.5; Info

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Vulnerable: Flash & HTML5 Video Plugin Vulnerability

Critical site-takeover vulnerability with 200,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v2.5.27+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – From our blog: All About .htaccess

This article outlines all you might want to know about your .htaccess file and how you might use it to restrict certain operations on your WordPress sites.

More Info →

#5 – TicketMaster Breach: 560M+ Customer Records

Nobody is immune to being breached! You need to be aware that your personal info kept with TicketMaster is likely exposed.

Be vigilant of phishing attempts and people using your data. It’s not clear if passwords have been exposed, but if you’ve reused passwords with them, you should go about updating your passwords wherever this is the case.

Never re-use passwords, and use a password manager (so you can store strong unique passwords for everything).

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@planter

Very Easy

Easy to install, understand and use. Excellent plug-in.

@oneclearline

Indispensable

Indispensable security plugin

@stubac

Very easy to setup and use

This was a dream to begin using and seems to be protecting the site well. Even from my when I forget my password!!

@zenbreeze

Highly recommended

Fantastic product and excellent support. I seriously don’t know what I’d do without it. I’m an artist, not a techie or web designer. I needed a security plug in that was easy to use and that I could (more or less) understand.

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#16: Lots of Elementor Vulnerabilities; htaccess; and TicketMaster

#1 – Vulnerable: Unlimited Elements For Elementor Plugin

#2 – Vulnerable: More Elementor Plugins

#3 – Vulnerable: Flash & HTML5 Video Plugin Vulnerability

#4 – From our blog: All About .htaccess

#5 – TicketMaster Breach: 560M+ Customer Records

Very Easy

Indispensable

Very easy to setup and use

Highly recommended

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#12: Big vulnerabilities, PHP Upgrades, and Passkeys

ShieldNOTES Ep#33: Recent Vulnerabilities, Upcoming WP Agency Summit & Important Update From Shield’s Team

ShieldNOTES Ep#36: Many vulnerabilities for popular plugins, alongside critical risks for lesser-used plugin.

ESSENTIAL WORDPRESS SECURITY NEWS