Find notable cyber news and cases, enriched with sources, timelines, and signals.

Elementor Ally 4.1.0 security patch release (CVE-2026-2313)

Security Patch Release
First reported
Last updated
Happening score
H score 59
1 unique sources, 1 articles

Summary

Hide ▲

Elementor released Ally 4.1.0 to fix CVE-2026-2313, a SQL injection flaw in the WordPress accessibility plugin that could expose sensitive data. The update landed on February 23, 2026 and addresses affected Ally versions up to 4.0.3. Site owners running older releases need to move to 4.1.0 to close the vulnerability.

Related Happenings

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
H score51 First: 06.07.2026 19:28 Last: 06.07.2026 19:28 Sources 1

About this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...

Dify security patch release for CVE-2026-41947

Security Patch Release
H score34 First: 22.06.2026 19:13 Last: 22.06.2026 19:13 Sources 1

About this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

F5 security patch release for CVE-2026-42530

Security Patch Release
H score39 First: 18.06.2026 20:32 Last: 18.06.2026 20:32 Sources 1

About this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...

Timeline

  1. 11.03.2026 21:38 1 articles · 4mo ago

    Wordfence validates Ally SQL injection and discloses it to Elementor

    Initial Disclosure

    Drew Webber of Acquia identified an SQL injection vulnerability in Elementor's Ally WordPress plugin, and Wordfence validated the flaw and disclosed it to Elementor on February 13, 2026. The issue affected Ally versions up to 4.0.3 and could let an unauthenticated attacker inject SQL through the URL path to access sensitive data.

    Show sources
  2. 11.03.2026 21:38 2 articles · 4mo ago

    Elementor releases Ally 4.1.0 to fix CVE-2026-2313

    Mitigation Patch Update

    Elementor released Ally 4.1.0 on February 23, 2026 to fix CVE-2026-2313, closing the SQL injection path in the plugin's `get_global_remediations()` handling of a user-supplied URL parameter. The update addressed Ally versions up to 4.0.3 and came with an $800 bug bounty for the researcher.

    Show sources