Connect with us

NEWS

3rd Party Elementor Plugins Vulnerability Affects +1 Million

Published

on

Three Vulnerabilities Fixed by Brainstorm Force in March 2021

This is a list of three separate exploits related to their Elementor Plugins that Brainstorm Force fixed in March 2021:

  • Version 1.30.0 – Fixed – March 30, 2021
    Hardened allowed options in the editor to enforce better security policies.
  • Version 4.1.7 – Important Update 09 Mar 2021
    Vulnerability fixed – Final Patch
  • Version 4.1.6 – Important Update 08 Mar 2021
    Vulnerability fixed – Registration Widget

Advertisement

Continue Reading Below

Brainstorm Force Elementor Plugin Vulnerabilities

The publishers of the Ultimate Addons for Elementor plugin notified customers of a vulnerability affecting two of their plugins.  This is the third time this year that Brainstorm Force has released an update to fix vulnerabilities in the Elementor Plugins that they publish.

The two affected plugins are addons for the popular Elementor page builder plugin. Addons are third party plugins that extend the functionality and features of the Elementor Page Builder plugin.

The addon plugins with vulnerabilities are published by a third party, Brainstorm Force.

The affected plugins for Elementor are:

  • Ultimate Addons for Elementor
  • Elementor – Header, Footer & Blocks Template

Advertisement

Continue Reading Below

An email sent by Brainstorm Force noted that they were notified of the vulnerabilities by the Wordfence security team and that they responded within hours.

According to the email:

“In each of these updates, we’ve fixed a vulnerability reported to use by the team at Wordfence.

These are very similar to the ones that the Elementor team recently fixed in their version 3.1.2.”

Screenshot of Brainstorm Force Email

Screenshot of Brainstorm Force email

Screenshot of Brainstorm Force email

The Elementor vulnerability that Brainstorm Force referenced is known as a Stored Cross-site Scripting Vulnerability, one that had the possibility of enabling malicious hackers to stage a full site takeover.

(Read: WordPress Elementor Vulnerability Affects +7 Million)

Stored Cross-site Scripting Vulnerability

Brainstorm Force did not explicitly say that the exploit patched was a Stored Cross-site Scripting Vulnerability. They only compared the fixed exploit to one that was patched by the Elementor page builder software.

A Stored Cross-Site Scripting Vulnerability is one in which a malicious script is uploaded directly to the website. This kind of vulnerability is generally considered to be more serious than another kind of cross site scripting (XSS) vulnerability called a Reflected XSS that depends on a link being clicked.

Advertisement

Continue Reading Below

With a Stored XSS Vulnerability there is no need for a link to be clicked, the vulnerability exists on the affected website.

Wordfence Has Not Released Details

Wordfence has not released details of the vulnerability. As of this date, the only description of the vulnerability has been provided by Brainstorm Force as being similar to the Elementor page builder vulnerability.

But Brainstorm Force did not explicitly state that their plugin vulnerabilities are Stored XSS exploits. Only that they were similar to the Elementor vulnerability that was an XSS vulnerability.

Fixed Versions of Elementor Addons

The Elementor – Header, Footer & Blocks Template

The Elementor – Header, Footer & Blocks Template was patched on March 31, 2021 to version 1.5.8.

According to the changelog that documents what the updates contain, this update hardened it against a vulnerability.

Advertisement

Continue Reading Below

This is what the changelog documented: 

“1.5.8
Fix: Hardened allowed options in the editor to enforce better security policies.”

The fact that the editor needed hardening gives a clue that suggests that the vulnerability may be one that requires that a hacker have subscriber level privileges.

But this is not yet been officially confirmed at this time.

Ultimate Addons for Elementor

The Ultimate Addons for Elementor plugin was also patched on March 31, 2021 to version 1.30.0.

The reason given as to what was fixed is exactly the same as for the Elementor – Header, Footer & Blocks Template.

According to the Ultimate Addons for Elementor changelog:

“Hardened allowed options in the editor to enforce better security policies.”

Update Immediately

It is highly recommended that all publishers using these two plugins update their versions immediately.

Advertisement

Continue Reading Below

The latest patched versions of the software are:

  • The Elementor – Header, Footer & Blocks Template 1.5.8
  • Ultimate Addons for Elementor 1.30.0

Searchenginejournal.com

NEWS

OpenAI Introduces ChatGPT Plus with Monthly Subscription of $20

Published

on

Open AI - Chat GPT

OpenAI, the leading artificial intelligence research laboratory, has launched a new product – ChatGPT Plus. The new product is an advanced version of its previous language model, ChatGPT, and is available for a monthly subscription of $20. The company aims to provide a more sophisticated and efficient conversational AI tool to its users through this new product.

ChatGPT Plus is a state-of-the-art language model that uses advanced deep learning algorithms to generate human-like responses to text inputs. The model has been trained on a massive corpus of text data, allowing it to generate coherent and contextually relevant responses. The model is designed to handle a wide range of conversational topics and can be integrated into various applications, such as chatbots, customer support systems, and virtual assistants.

One of the main advantages of ChatGPT Plus over its predecessor, ChatGPT, is its ability to generate responses in a more human-like manner. The model has been fine-tuned to incorporate more advanced language processing techniques, which enable it to better understand the context and tone of a conversation. This makes it possible for the model to generate more nuanced and appropriate responses, which can greatly improve the user experience.

In addition to its advanced language processing capabilities, ChatGPT Plus also offers improved performance in terms of response generation speed and efficiency. The model has been optimized to run on faster hardware and has been fine-tuned to generate responses more quickly. This makes it possible for the model to handle a larger volume of requests, making it an ideal solution for businesses with high traffic websites or customer support centers.

The monthly subscription fee of $20 for ChatGPT Plus makes it an affordable solution for businesses of all sizes. The company has designed the pricing model in such a way that it is accessible to businesses of all sizes, regardless of their budget. This makes it possible for small businesses to take advantage of advanced conversational AI technology, which can greatly improve their customer engagement and support.

OpenAI has also made it easy to integrate ChatGPT Plus into various applications. The company has provided a comprehensive API that allows developers to easily integrate the model into their applications. The API supports a wide range of programming languages, making it possible for developers to use the technology regardless of their preferred programming language. This makes it possible for businesses to quickly and easily incorporate conversational AI into their operations.

In conclusion, OpenAI’s launch of ChatGPT Plus is a significant development in the field of conversational AI. The new product offers advanced language processing capabilities and improved performance, making it an ideal solution for businesses of all sizes. The affordable pricing model and easy integration make it accessible to businesses of all sizes, and the advanced language processing capabilities make it possible for businesses to improve their customer engagement and support. OpenAI’s ChatGPT Plus is set to revolutionize the conversational AI industry and bring advanced technology within the reach of businesses of all sizes.

Visit OpenAI.com to read more and to get the latest news about ChatGPT.

Continue Reading

NEWS

What can ChatGPT do?

Published

on

ChatGPT Explained

ChatGPT is a large language model developed by OpenAI that is trained on a massive amount of text data. It is capable of generating human-like text and has been used in a variety of applications, such as chatbots, language translation, and text summarization.

One of the key features of ChatGPT is its ability to generate text that is similar to human writing. This is achieved through the use of a transformer architecture, which allows the model to understand the context and relationships between words in a sentence. The transformer architecture is a type of neural network that is designed to process sequential data, such as natural language.

Another important aspect of ChatGPT is its ability to generate text that is contextually relevant. This means that the model is able to understand the context of a conversation and generate responses that are appropriate to the conversation. This is accomplished by the use of a technique called “masked language modeling,” which allows the model to predict the next word in a sentence based on the context of the previous words.

One of the most popular applications of ChatGPT is in the creation of chatbots. Chatbots are computer programs that simulate human conversation and can be used in customer service, sales, and other applications. ChatGPT is particularly well-suited for this task because of its ability to generate human-like text and understand context.

Another application of ChatGPT is language translation. By training the model on a large amount of text data in multiple languages, it can be used to translate text from one language to another. The model is able to understand the meaning of the text and generate a translation that is grammatically correct and semantically equivalent.

In addition to chatbots and language translation, ChatGPT can also be used for text summarization. This is the process of taking a large amount of text and condensing it into a shorter, more concise version. ChatGPT is able to understand the main ideas of the text and generate a summary that captures the most important information.

Despite its many capabilities and applications, ChatGPT is not without its limitations. One of the main challenges with using language models like ChatGPT is the risk of generating text that is biased or offensive. This can occur when the model is trained on text data that contains biases or stereotypes. To address this, OpenAI has implemented a number of techniques to reduce bias in the training data and in the model itself.

In conclusion, ChatGPT is a powerful language model that is capable of generating human-like text and understanding context. It has a wide range of applications, including chatbots, language translation, and text summarization. While there are limitations to its use, ongoing research and development is aimed at improving the model’s performance and reducing the risk of bias.

** The above article has been written 100% by ChatGPT. This is an example of what can be done with AI. This was done to show the advanced text that can be written by an automated AI.

Continue Reading

NEWS

Google December Product Reviews Update Affects More Than English Language Sites? via @sejournal, @martinibuster

Published

on

Google’s Product Reviews update was announced to be rolling out to the English language. No mention was made as to if or when it would roll out to other languages. Mueller answered a question as to whether it is rolling out to other languages.

Google December 2021 Product Reviews Update

On December 1, 2021, Google announced on Twitter that a Product Review update would be rolling out that would focus on English language web pages.

The focus of the update was for improving the quality of reviews shown in Google search, specifically targeting review sites.

A Googler tweeted a description of the kinds of sites that would be targeted for demotion in the search rankings:

“Mainly relevant to sites that post articles reviewing products.

Think of sites like “best TVs under $200″.com.

Goal is to improve the quality and usefulness of reviews we show users.”

Advertisement

Continue Reading Below

Google also published a blog post with more guidance on the product review update that introduced two new best practices that Google’s algorithm would be looking for.

The first best practice was a requirement of evidence that a product was actually handled and reviewed.

The second best practice was to provide links to more than one place that a user could purchase the product.

The Twitter announcement stated that it was rolling out to English language websites. The blog post did not mention what languages it was rolling out to nor did the blog post specify that the product review update was limited to the English language.

Google’s Mueller Thinking About Product Reviews Update

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Screenshot of Google's John Mueller trying to recall if December Product Review Update affects more than the English language

Product Review Update Targets More Languages?

The person asking the question was rightly under the impression that the product review update only affected English language search results.

Advertisement

Continue Reading Below

But he asserted that he was seeing search volatility in the German language that appears to be related to Google’s December 2021 Product Review Update.

This is his question:

“I was seeing some movements in German search as well.

So I was wondering if there could also be an effect on websites in other languages by this product reviews update… because we had lots of movement and volatility in the last weeks.

…My question is, is it possible that the product reviews update affects other sites as well?”

John Mueller answered:

“I don’t know… like other languages?

My assumption was this was global and and across all languages.

But I don’t know what we announced in the blog post specifically.

But usually we try to push the engineering team to make a decision on that so that we can document it properly in the blog post.

I don’t know if that happened with the product reviews update. I don’t recall the complete blog post.

But it’s… from my point of view it seems like something that we could be doing in multiple languages and wouldn’t be tied to English.

And even if it were English initially, it feels like something that is relevant across the board, and we should try to find ways to roll that out to other languages over time as well.

So I’m not particularly surprised that you see changes in Germany.

But I also don’t know what we actually announced with regards to the locations and languages that are involved.”

Does Product Reviews Update Affect More Languages?

While the tweeted announcement specified that the product reviews update was limited to the English language the official blog post did not mention any such limitations.

Google’s John Mueller offered his opinion that the product reviews update is something that Google could do in multiple languages.

One must wonder if the tweet was meant to communicate that the update was rolling out first in English and subsequently to other languages.

It’s unclear if the product reviews update was rolled out globally to more languages. Hopefully Google will clarify this soon.

Citations

Google Blog Post About Product Reviews Update

Product reviews update and your site

Google’s New Product Reviews Guidelines

Write high quality product reviews

John Mueller Discusses If Product Reviews Update Is Global

Watch Mueller answer the question at the 14:00 Minute Mark

[embedded content]Searchenginejournal.com

Continue Reading

Trending

en_USEnglish