Saijo George

Curated by Saijo George

Read more

wednesday14 Apr 2021

Bunch Of Elementor Addons Patched With Serious Vulnerabilities

https://www.wordfence.com

15 of the most popular addon plugins for Elementor, which are collectively installed on over 3.5 million sites had some serious Cross-Site Scripting vulnerabilities patched recently. They allowed any user able to access the Elementor editor, including contributors, to add JavaScript to posts. This JavaScript would be executed if the post was viewed, edited, or previewed by any other site user, and could be used to take over a site if the victim was an administrator.

Essential Addons for Elementor (essential-addons-for-elementor-lite), 1M+ Installations
Versions < 4.5.4 are vulnerable, patched in version 4.5.4

Elementor – Header, Footer & Blocks Template (header-footer-elementor), 1M+ Installations
Versions < 1.5.8 are vulnerable, patched in version 1.5.8

Ultimate Addons for Elementor (ultimate-elementor), 600k+ Installations
Versions < 1.30.0 are vulnerable, patched in version 1.30.0

Premium Addons for Elementor (premium-addons-for-elementor), 400k+ Installations
Versions < 4.2.8 are vulnerable, patched in version 4.2.8

ElementsKit (elementskit-lite) and ElementsKit Pro (elementskit), 300k+ Installations
Versions < 2.2.0 are vulnerable, patched in version 2.2.0

Elementor Addon Elements (addon-elements-for-elementor-page-builder), 100k+ Installations
Versions < 1.11.2 are vulnerable, patched in version 1.11.2

Livemesh Addons for Elementor (addons-for-elementor), 100k+ Installations
Versions < 6.8 are vulnerable, patched in version 6.8

HT Mega – Absolute Addons for Elementor Page Builder (ht-mega-for-elementor), 70k+ Installations
Versions < 1.5.7 are vulnerable, patched in version 1.5.7

WooLentor – WooCommerce Elementor Addons + Builder (woolentor-addons), 50k+ Installations
Versions < 1.8.6 are vulnerable, patched in version 1.8.6

PowerPack Addons for Elementor (powerpack-lite-for-elementor), 50k+ Installations
Versions < 2.3.2 are vulnerable, patched in version 2.3.2

Image Hover Effects – Elementor Addon (image-hover-effects-addon-for-elementor), 40k+ Installations
Versions < 1.3.4 are vulnerable, patched in version 1.3.4

Rife Elementor Extensions & Templates (rife-elementor-extensions), 30k+ Installations
Versions < 1.1.6 are vulnerable, patched in version 1.1.6

The Plus Addons for Elementor Page Builder Lite (the-plus-addons-for-elementor-page-builder), 30k+ Installations
Versions < 2.0.6 are vulnerable, patched in version 2.0.6

All-in-One Addons for Elementor – WidgetKit (widgetkit-for-elementor), 20k+ Installations
Versions < 2.3.10 are vulnerable, patched in version 2.3.10

JetWidgets For Elementor (jetwidgets-for-elementor), 10k+ Installations
Versions < 1.0.9 are vulnerable, patched in version 1.0.9

Sina Extension for Elementor (sina-extension-for-elementor), 10k+ Installations
Versions < 3.3.12 are vulnerable, patched in version 3.3.12

DethemeKit For Elementor (dethemekit-for-elementor), 8k+ Installations
Versions < 1.5.5.5 are vulnerable, patched in version 1.5.5.5

General

As an agency director, staying on the pulse of changes in the digital landscape is fundamental to our success. Unlike traditional industries, we can't rely on the methods that worked for us in the past as the pace of change and transformation in digital dictates constant investment in education. Saijo and the tl;dr feed/newsletter is an invaluable source to anyone in digital as it constantly provides value and keeps busy digital talent reliably up-to-date. Make reading it a weekly habit and you'll understand why tl;dr marketing is your secret weapon in digital and why you should consider Saijo a good friend to have in your network.

Senior SEO Specialist / Audience Strategist

Full Time 100% Remote

Company : 10up

10up is a fully distributed, global creative services agency; partnering with some of the biggest brands in the world.  This role at 10up sits on our Audience and Revenue team.…