ShieldNOTES Ep#16: Lots of Elementor Vulnerabilities; htaccess; and TicketMaster

June 3, 2024 by Paul G. | Security, ShieldNOTES

There are quite a few Elementor-related vulnerabilities published in the last week. 1 is particularly severe.

We also share an article from our blog that you’ll find interesting, and there’s a big TicketMaster breach to be aware of.

#1 – Vulnerable: Unlimited Elements For Elementor Plugin

Critical site-takeover vulnerability with 200,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v1.5.91+

What’s the risk?
Severity risk 9.9/10 – Remote Code Execution – an attacker can gain backdoor access to then take full control of the website!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#2 – Vulnerable: More Elementor Plugins

Happy Addons for Elementor (XSS)
Upgrade to v3.11.0; Severity 6.5; Info

Premium Addons for Elementor (Borken Access Control)
Upgrade to v4.10.32; Severity: 4.3; Info

Essential Addons for Elementor (XSS)
Upgrade to 5.9.22; Severity: 6.5; Info

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Vulnerable: Flash & HTML5 Video Plugin Vulnerability

Critical site-takeover vulnerability with 200,000+ installs.

How will I know I’m okay?
Upgrade ASAP to v2.5.27+

What’s the risk?
Severity risk 9.3/10 – SQL Injection – an attacker can interact with your WP database directly!

Editor Comment
Please use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

More Info →

#4 – From our blog: All About .htaccess

This article outlines all you might want to know about your .htaccess file and how you might use it to restrict certain operations on your WordPress sites.

More Info →

#5 – TicketMaster Breach: 560M+ Customer Records

Nobody is immune to being breached! You need to be aware that your personal info kept with TicketMaster is likely exposed.

Be vigilant of phishing attempts and people using your data. It’s not clear if passwords have been exposed, but if you’ve reused passwords with them, you should go about updating your passwords wherever this is the case.

Never re-use passwords, and use a password manager (so you can store strong unique passwords for everything).

More Info →

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@newels

Good work

@dcstorm2012

Great Plugin

Lots of options, highly effective haven’t had any issues so far. I use it on all my clients sites.

@dawnjohn

Fandabidozi

It has secured all my WordPress sites after some minor hack attacks – Fandabidozi! (that’s Scottish for great!)

@edge22

Great plugin

Does what it says, and does it well. Thanks for the great plugin 🙂

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

ShieldNOTES Ep#16: Lots of Elementor Vulnerabilities; htaccess; and TicketMaster

#1 – Vulnerable: Unlimited Elements For Elementor Plugin

#2 – Vulnerable: More Elementor Plugins

#3 – Vulnerable: Flash & HTML5 Video Plugin Vulnerability

#4 – From our blog: All About .htaccess

#5 – TicketMaster Breach: 560M+ Customer Records

Good work

Great Plugin

Fandabidozi

Great plugin

Leave a Comment Cancel reply

Related Stories

ShieldNOTES Ep#4: Your Monday Morning Security Notes

ShieldNOTES Ep#29: Several Critical Vulnerabilities on Millions of Sites & Early Black Friday Webm

ShieldNOTES Ep#14: ACF & JetPack Vulnerabilities, Japanese Keyword Hack from our Blog, & SSH Security

ESSENTIAL WORDPRESS SECURITY NEWS