Tag: websites
This WordPress plugin for Elementor leaves websites vulnerable to hackers
If your website is powered by the WordPress page-builder Elementor, double-check if you’re using this popular plugin. Because, if you are, hackers can easily stage a complete takeover of your website thanks to a newly discovered security flaw.
Security researchers at Patchstack have released a new report about a concerning cybersecurity issue related to the WordPress plugin Essential Addons for Elementor. The plugin provides users with an assortment of pre-built WordPress blocks and templates for use when creating or updating their website.
“This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site,” writes Patchstack in its report.
Basically, malicious actors can take advantage of this to reset the password of any user, including the administrator’s account. If the administrator’s password is reset, a hacker could gain access to the entire website – backend and all – and take control of the site from its rightful owner. If a targeted website stores user information, the attacker would have access to and control of that as well.
“This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the password of the given user,” explains Patchstack.
Update the plugin as soon as possible
The vulnerability has since been patched, and Essential Addons for Elementor users are being urged to update to version 5.7.2. All prior versions of the plugin, going back to version 5.4.0, are affected by the vulnerability. So, be sure to update the plugin!
More than 43 percent of all of the websites on the internet use WordPress. Elementor is a popular website builder for WordPress-powered sites. More than 12 million WordPress sites use Elementor. According to the WordPress Plugin Directory, more than 1 million active websites have Essential Addons for Elementor installed.
Wix is opening up its services to boost websites everywhere
WordPress Plugin Hole Puts ‘2 Million Websites’ At Risk
The flaw, tracked as CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity, leaves sites vulnerable to reflected XSS attacks, which involve miscreants injecting malicious code into webpages. The code is then “reflected” back and executed within the browser of a visitor. Essentially, it allows someone to run JavaScript within another person’s view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That’s a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.
“This vulnerability allows any unauthenticated user [to steal] sensitive information to, in this case, privilege escalation on the WordPress site by tricking the privileged user to visit the crafted URL path,” Patchstack wrote in its report. The outfit added that “this vulnerability could be triggered on a default installation or configuration of Advanced Custom Fields plugin. The XSS also could only be triggered from logged-in users that have access to the Advanced Custom Fields plugin.”
Read more of this story at Slashdot.
The best websites for custom PC builds
So you want to know which are the best websites for custom PC builds? Well, the answer to that question will vary depending on where you are in the world. To help make things easier for our readers, we’ve broken our recommendations into different categories, with options for US readers, UK readers, and European readers. We’d hate to send you to a website that doesn’t deliver to your region.
When it comes to which PC you use for gaming and leisure, there’s no definitive ‘best’ option, but we can certainly recommend the best websites for custom PC builds (like Chillblast, and Newegg). Every PC owner has their own unique needs for their computer, and by opting for a custom build, you can ensure that you get one that’s specifically optimized for the things you want to use it for.
Google Chrome Is Ditching the Lock Icon for Websites
The lock icon in the address bar has led to plenty of confusion in modern web browsers, as it can give the impression that a site is safe even when it isn’t. Google has a plan to fix that problem: get rid of the icon entirely.
Read This Article on How-To Geek ›
Microsoft Resolves Edge Setting That Was Leaking Websites You Visit – CNET
Recommended Reading: The websites that make ChatGPT and other AI sound smart
Inside the secret list of websites that make AI like ChatGPT sound smart
Kevin Schaul, Szu Yu Chen and Nitasha Tiku, The Washington Post
AI chatbots are all the rage on the internet right now, but how much do you know about how the tech is being trained? The Washington Post explains how text that’s mostly scraped from the internet is ingested and transformed into human-like speech, including training material from “proprietary, personal and often offensive websites.”
Why social media impostors pose a constant battle for stars
J. Clara Chan, The Hollywood Reporter
Being a celebrity in the social media age means playing a constant game of whack-a-mole fighting imposters. The Hollywood Reporter explains how paid verification has only increased the challenge and how companies like Social Imposter are enlisted to help.
How Cuba’s Street Network used spy tech to access pop culture
Yussef Cole and Emile Bokaer, Polygon
A story about how “a framework of murky legality, hacked-together hardware and mysterious actors,” something more akin to spies and espionage, is being used to access things like video games and Game of Thrones in Cuba.
This article originally appeared on Engadget at https://www.engadget.com/recommended-reading-the-websites-that-make-chatgpt-and-other-ai-sound-smart-140040874.html?src=rss