Elementor Vulnerabilities Found

Security experts have recently issued a warning about six unique Cross-Site Scripting (XSS) vulnerabilities identified in both the Elementor Website Builder and its Pro edition. These vulnerabilities could potentially enable cyber attackers to execute malicious scripts.

Overview of Elementor Website Builder

Elementor, a premier platform for building websites, is utilized by over 5 million active users globally, with claims from the official WordPress repository suggesting it powers more than 16 million websites worldwide. Its user-friendly drag-and-drop interface enables users to effortlessly craft professional-looking websites. The Pro version enhances this platform by offering additional widgets and sophisticated ecommerce features.

Due to its widespread popularity, Elementor has unfortunately become a prime target for malicious hackers, making these six vulnerabilities particularly alarming.

Details of the XSS Vulnerabilities

The vulnerabilities discovered in both the standard and Pro versions of Elementor Website Builder encompass six distinct XSS issues. Five of these vulnerabilities arise from inadequate input sanitization and output escaping, with one resulting from insufficient input sanitization alone.

Input sanitization is a coding practice applied to the parts of a plugin where users can enter data or upload files. It blocks non-conforming input, such as scripts or HTML, so that only the expected kind of data is accepted. Output escaping is the complementary step: it secures what the plugin sends to the browser, safeguarding site visitors from harmful scripts.

The WordPress Developer Handbook underscores the importance of input sanitization as a means of securing, cleaning, or filtering input data.

It is critical to understand that each of these six vulnerabilities is unique and not related to the others, pointing to a need for improved security measures on Elementor’s part. Notably, one vulnerability, identified as CVE-2024-2120, may affect both the free and Pro versions of the software. Efforts to clarify this with Wordfence are ongoing, and updates will be provided as new information becomes available.

List of Vulnerabilities in Elementor

  • CVE-2024-2117 (Elementor Website Builder): Up to version 3.20.2 – Authenticated DOM-Based Stored XSS via Path Widget
  • CVE-2024-2120 (Elementor Website Builder Pro): Up to version 3.20.1 – Authenticated Stored XSS via Post Navigation
  • CVE-2024-1521 (Elementor Website Builder Pro): Up to version 3.20.1 – Authenticated Stored XSS via Form Widget SVGZ File Upload (affects only NGINX servers)
  • CVE-2024-2121 (Elementor Website Builder Pro): Up to version 3.20.1 – Authenticated Stored XSS via Media Carousel widget
  • CVE-2024-1364 (Elementor Website Builder Pro): Up to version 3.20.1 – Authenticated Stored XSS via widget’s custom_id
  • CVE-2024-2781 (Elementor Website Builder Pro): Up to version 3.20.1 – Authenticated DOM-Based Stored XSS via video_html_tag

All vulnerabilities are deemed medium security threats, requiring contributor-level permissions for exploitation.

Changelog Insights

Wordfence reports two vulnerabilities affecting the free version of Elementor, but the changelog mentions a fix for only one. The affected widgets are the Path Widget and Post Navigation Widget, with only the Text Path Widget receiving a documented fix. The Elementor Pro changelog, however, confirms fixes for all mentioned vulnerabilities, suggesting a possible oversight in the free version’s documentation.

Recommendation for Elementor Users

To mitigate these security risks, users of both Elementor versions are strongly advised to update their plugins to the latest releases. Although an attacker needs contributor-level permissions, the potential for exploitation exists, especially if contributors use weak passwords.
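
One way to check a site against the affected versions listed above, as an added example that is not from Elementor, Wordfence or the original post: it reads the `name,version` CSV that WP-CLI's `wp plugin list --fields=name,version --format=csv` produces and flags the `elementor` and `elementor-pro` plugins at or below those versions. The function names and the sample CSV are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag Elementor installs that are
# at or below the affected versions in the list above.

# Highest affected version per plugin slug, taken from the list on this page.
max_affected() {
  case "$1" in
    elementor)     echo "3.20.2" ;;
    elementor-pro) echo "3.20.1" ;;
    *)             return 1 ;;   # not a plugin this check covers
  esac
}

# version_le A B: succeeds when A <= B in version order (needs `sort -V`).
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# audit_plugins: read "name,version" CSV on stdin and report each Elementor plugin.
audit_plugins() {
  while IFS=, read -r name version; do
    # Skips the CSV header and every plugin other than the two Elementor slugs.
    limit=$(max_affected "$name") || continue
    if version_le "$version" "$limit"; then
      echo "UPDATE $name $version (affected up to $limit)"
    else
      echo "OK $name $version"
    fi
  done
}

# Constructed sample; on a real site pipe in the output of:
#   wp plugin list --fields=name,version --format=csv
SAMPLE_CSV='name,version
akismet,5.3
elementor,3.20.2
elementor-pro,3.21.0'

printf '%s\n' "$SAMPLE_CSV" | audit_plugins
```

Version ordering matters here: a plain string comparison would rank 3.20.10 below 3.20.2, which is why the check relies on `sort -V`.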

If you need assistance with this task, please book a webmaster session with us so we can perform a full audit of your site as well as perform updates, backups and other essential tasks.

How To Transfer Your Website From Afrihost to Aura Host

Transferring your website hosting package and domain name to a new provider can be a daunting process, but it doesn’t have to be. With the right preparation and knowledge, you can seamlessly move your website to a new host without losing data or experiencing significant downtime.

In this guide, we’ll provide you with a step-by-step list of instructions on how to transfer your website hosting package and domain name from one services provider to another. From evaluating your current hosting provider to canceling your old hosting account, we’ll cover everything you need to know to ensure a smooth and hassle-free transfer. So, let’s get started!

  1. Evaluate Your Current Hosting Provider – Before you switch to a new hosting provider, evaluate your current provider to identify the reasons for the switch. Make a list of the issues you’re experiencing with your current provider, such as slow page loading times, poor customer support, limited resources, or high renewal costs. This will help you identify the features and resources you need from your new hosting provider.
  2. Choose a New Hosting Provider – Research and compare different hosting providers to find the one that best meets your needs. Consider factors such as price, uptime guarantees, customer support, disk space, bandwidth, and website builder tools. Check reviews and ratings online to get an idea of the provider’s reputation and reliability.
  3. Purchase a New Hosting Plan – Once you’ve selected a new hosting provider, purchase the hosting plan that best suits your needs. Choose a plan that includes sufficient resources and support for your website, such as enough storage, bandwidth, and email accounts. Some hosting providers may offer a free domain name with a hosting plan purchase, so take advantage of this if available.
  4. Back Up Your Website – Before transferring your website to the new hosting provider, back up your website files, databases, and email accounts. This ensures that you have a copy of your website in case anything goes wrong during the transfer process. Most hosting providers offer backup tools or services that make it easy to create backups.
  5. Set Up Your New Hosting Account – Once you’ve purchased the new hosting plan, set up your new hosting account. This typically involves creating a new account with the hosting provider and configuring the website, email accounts, and domain settings. Most hosting providers offer easy-to-use website builders or site migration tools to help you set up your website.
  6. Initiate the Domain Transfer – To transfer your domain name from your current provider to the new provider, you need to initiate the transfer process. This typically involves unlocking the domain, obtaining an authorization code, and transferring the domain to the new provider. The new provider will typically provide you with instructions and support throughout the transfer process. The transfer process can take anywhere from a few hours to several days to complete, depending on your domain registrar.
  7. Wait for the Domain Transfer to Complete – After initiating the domain transfer, wait for the transfer to complete. During this time, your website may experience some downtime, and email services may be interrupted. Once the transfer is complete, your domain will be pointed to your new hosting account.
  8. Test Your Website – After the transfer is complete, test your website to ensure that everything is working correctly. Make sure that all links and pages are functioning properly, and that your email accounts are working correctly. If you experience any issues, contact the new hosting provider’s support team for assistance.
  9. Cancel Your Old Hosting Account – Once you’ve confirmed that your website is working correctly on the new hosting account, you can cancel your old hosting account. Be sure to check the renewal date for your old hosting account to avoid being charged for an additional billing cycle.

In summary, transferring your website hosting package and domain name to a new provider can be a straightforward process if you follow these steps. By evaluating your current hosting provider, choosing a new provider that meets your needs, and carefully following the transfer process, you can seamlessly move your website to a new host.

Common PHP 8.0 Problems and How to Solve Them

If you’re experiencing issues with your website since upgrading to PHP 8.0, you’re not alone. While PHP 8.0 offers many benefits, including improved performance and new features, it also comes with some compatibility issues that can break your website or cause it to function incorrectly.

Here are some of the most common problems that people are encountering:

  1. Deprecated Functions: With PHP 8.0, some functions that were commonly used in earlier versions have been removed or deprecated. This can cause issues with websites that rely on these functions. If your website is built on an older codebase, you may need to update your code to work with PHP 8.0.
  2. Incompatible Extensions: Many PHP extensions have not been updated to work with PHP 8.0, so if your website relies on one of these extensions, it may not function correctly. You may need to find alternative extensions or modify your code to work without them.
  3. Syntax Changes: PHP 8.0 introduces some changes to the language syntax, which can cause issues with websites that were built with earlier versions of PHP. This can include changes to the way variables are declared or changes to function parameters.

If you’re experiencing any of these issues, don’t worry – there are solutions available. Here are two options:

  1. Move Hosting to Aura Host: At Aura Host, we offer a PHP selection tool that allows you to choose your PHP version. This means you can easily switch to a version of PHP that is compatible with your website. Our hosting plans are optimized for PHP performance, so you can be confident that your website will run smoothly.
  2. Book Development Time: If you prefer to keep your existing hosting provider, you can book some time with our development team. We can analyze your codebase and identify any compatibility issues with PHP 8.0. We’ll work with you to make the necessary changes to ensure your website is fully functional.

Don’t let PHP 8.0 issues hold your website back. With the right solutions and support, you can ensure that your website is up-to-date and performing at its best. Contact us today to learn more about how we can help.

How To Choose A Web Hosting Package

You’ve come this far, which means you are now looking to find the right web hosting package for your business needs. But how do you choose the right web hosting package? Ask yourself this, and be honest: how large is your current prosumer base? How much handholding are you going to need? How quickly do you expect your business to grow now that you have taken steps to grow your online presence?

“Great hosting boils down to the 3 S’s: speed, support and security,” said Adam Berry, digital director at Wingard Creative.

Well, depending on the scale of your website and how much you want your business to be able to grow, this article should help you narrow down which web hosting package is right for you. We have broken down our web hosting packages to not only help you decide which package would work for you now, but to make it simple to upgrade your package as your business grows.

What is Shared Web Hosting and why would it work for you?

A Shared Web Hosting account is the most common and cost-effective type of Website Hosting. It is when your website or websites are located on the same server as a lot of other websites.
This does not affect the security of your site because of the Cloud Linux system we use. This system essentially puts your website into its own cage, protecting your site if any of the other sites on the server are more vulnerable. Cloud Linux also allows us to split the resources up, such as CPU power, RAM allowance, EP points and a lot more. This means that other clients on the server can never get greedy with the resources, which would cause your site to slow down and not load properly. Here at Aura Host we like to be generous and honest with our resources.

With every package you will also receive a free SSL certificate (AutoSSL), which will protect your customers when they are using your site.

There is one Achilles heel to shared hosting though, and that would be the shared IP. There runs a risk that if one client on the same IP for example has their WordPress

Therefore, if you are a marketing company that is hosting or designing other sites, we recommend using Resellers Web Hosting.

For beginners, Shared Web Hosting, with its ease of setup and affordability, is the best option.

Step 1: Figure out your current and future web hosting needs

Firstly, ask yourself: How many email accounts do you need? What storage capacity do you require? Do you require website building capabilities on WordPress or other Content Management Systems? What are your site speed requirements?

Let’s say you are a small business that currently has 3 emails linked to your single page website. You want to grow your website in terms of traffic to the site, the sales that traffic will generate and the number of employees you will need in order to deal with the higher volume.
If you go for the Bronze Web Hosting Package, you will have enough for what you currently need to run; however, you will not have website building capacity or the storage required to deal with the increased traffic.
Therefore, if you are at this stage of your business development, we would suggest going for the Silver Web Hosting Package, as it gives you the capabilities to grow your business without slowing down your website or production capacities.

If you do not currently have website building capacities, you will need to go with either a Gold or Platinum web sharing package, as these packages include the software that you need. More support is offered as well.

The speed of your website is important, not just for your customers but for your Search Engine Optimisation. The more traffic you have on your site, the slower your site will perform. So even if you have a single page site, if you have a lot of plugins on this webpage, you will need a Shared Web Hosting Package that has more storage.
Therefore, if you do not have enough storage capacity on your package, your customers will get frustrated at the site being slow and you will not gain traction in moving your site to the front pages of Search Engines.

Step 2: Consider your budget
You want to get started on growing your business, but you don’t currently have the budget to make all your amazing ideas come to fruition. Well, we have a solution for that. Our Gold and Platinum Shared Hosting Packages can be paid off monthly. So if you are looking to build websites that will generate a large amount of traffic, have great SEO recognition, are protected from spam, are truly secure for you and your customers to use and have the potential for exponential growth, we would recommend using a Gold or Platinum Shared Website Hosting Package.

5 steps to getting your business online in South Africa

In these pandemic times of social distancing and indefinite lockdown, there is only one way up for most businesses on planet Earth: online. Bricks-and-mortar are no longer safe havens for entrepreneurial ventures, big or small. Now you need to take your business to a new level: straight into the cosy confines of your potential customer’s own home.

Do I need to move hosting? An easy guide

Not all relationships are built to last and sometimes a change can do you the world of good.

Your relationship with your web host might be in need of a clean sweep when you ask: “Do I need to move hosting?”

Perhaps you are not getting the level of customer service you need or haven’t noticed a significant-enough uptake of business since your ‘bells-and-whistles’ site was launched.

Maybe you don’t have enough space or bandwidth through your host. Or your website is running slow due to a shared server being overloaded or a web host oversharing its resources. Maybe your live development time is too slow.
