2.10.16 is a security update that resolves two recently discovered vulnerabilities. Updating Page Builder resolves both issues with no further action required.
On Monday the 4th of May, Wordfence kindly reached out and let us know they had discovered two security vulnerabilities in Page Builder. SiteOrigin is primarily based in the GMT+2 timezone, the news reached us after working hours. On Tuesday the 5th of May, we resolved both issues. Once testing was complete, we released an update for Page Builder.
“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.” The Page Builder Live Editor and
so_panels_builder_content Ajax action. We’re grateful for Wordfence’s help and for letting us know as soon as they were aware. For a full walkthrough of the issues found, please, see the Wordfence report Vulnerabilities Patched in Page Builder by SiteOrigin.
If you have any questions or concerns, please, feel free to comment below. For any support queries, please, open a thread on our forum. Email support via [email protected] is available for our SiteOrigin Premium users.