Learn how effective pillar pages and clustered content improve site structure, internal linking, and on-page SEO.
The third edition of Ranking Factors is finally here! It got a little makeover both in looks and content inside. And, for the first time, we’ve put all the factors into a sortable sheet to find the info you need, faster.
With CallRail’s VP of Product, Jason Tatum, we will also cover the past and future state of phone calls, and how you can use AI to gain valuable insights that will transform your business.Â
Dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape.
Dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape.
With CallRail’s VP of Product, Jason Tatum, we will also cover the past and future state of phone calls, and how you can use AI to gain valuable insights that will transform your business.Â
Critical vulnerabilities in Elementor Pro allows hacker control of website
WordFence is reporting that Elementor Pro has a Critical Zero Day vulnerability exploit. This vulnerability has just been patched today, May 7, 2020. Unpatched versions are reportedly actively being exploited.
Elementor just released Pro version 2.9.4, which contains the fix for the critical file upload vulnerability
According to WordFence there are two plugins involved that each have a vulnerability.
Elementor Pro is the paid version of the Elementor WordPress page builder plugin. This vulnerability does not affect the free version of the Elementor plugin.
The vulnerability is rated as “critical” according to WordFence.
A hacker would need to be registered with the website in order to take advantage of the vulnerability.
If you run an Elementor Pro powered WordPress website and you allow site visitors to register in order to comment or contribute to the site, then you may be vulnerable.
If however your Elementor Pro WordPress site does not have registered users you may still be at risk.
The reason you may still be at risk is because another plugin Ultimate Addons for Elementor, allows a hacker to register as a subscriber even if registration is prohibited.
That means that the Ultimate Addons for Elementor plugin allows a hacker to hack Elementor Pro.
According to WordFence:
“Due to the vulnerability being unpatched at this time, we are excluding any further information.
We have data via another vendor that indicates the Elementor team are working on a patch. We have contacted Elementor and did not immediately receive confirmation of this before publication.”
The second plugin that is vulnerable is the Ultimate Addons for Elementor plugin. The vulnerability allows a hacker to take advantage of the Elementor Pro vulnerability if user registration is turned off.
At this moment there is a newly released patch available to fix the Elementor Pro vulnerability. Update Elementor Pro to version 2.9.4 to be protected.
There is also a patch to fix the Ultimate Addons for Elementor plugin (instructions here).
By upgrading the Ultimate Addons plugin (if you have it installed) you can in theory block a hacker from exploiting an Elementor Pro site, as long as user registrations are prohibited.
WordFence recommends updating Elementor Pro to version 2.9.4.
Once Elementor Pro is updated you will be safe from hacking.
Read the WordFence announcement:
Combined Attack on Elementor Pro and Ultimate Addons for Elementor Puts 1 Million Sites at Risk
Roger Montti is a search marketer with over 20 years experience. I offer site audits and phone consultations. See me ...
Conquer your day with daily search marketing news.
Join Our Newsletter.
Get your daily dose of search know-how.
In a world ruled by algorithms, SEJ brings timely, relevant information for SEOs, marketers, and entrepreneurs to optimize and grow their businesses -- and careers.
Copyright © 2023 Search Engine Journal. All rights reserved. Published by Alpha Brand Media.
source
