Page Builder 2.10.16 Security Update
Page Builder 2.10.16
is a security update that resolves two recently discovered vulnerabilities. Updating Page Builder resolves both issues with no further action required.
On Monday the 4th of May, Wordfence kindly reached out and let us know they had discovered two security vulnerabilities in Page Builder. SiteOrigin is primarily based in the GMT+2 timezone, the news reached us after working hours. On Tuesday the 5th of May, we resolved both issues. Once testing was complete, we released an update for Page Builder.
“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.” The Page Builder Live Editor and so_panels_builder_content
Ajax action were each missing a nonce. An attacker could trick a user with an Administrator role into visiting a malformed URL and executing malicious JavaScript in the browser. To resolve, a nonce was added to the Live Editor preview URL and another to the so_panels_builder_content
Ajax action. We’re grateful for Wordfence’s help and for letting us know as soon as they were aware. For a full walkthrough of the issues found, please, see the Wordfence report Vulnerabilities Patched in Page Builder by SiteOrigin.
If you have any questions or concerns, please, feel free to comment below. For any support queries, please, open a thread on our forum. Email support via [email protected] is available for our SiteOrigin Premium users.
greate work
Good Morning!! I have installed the Vantage theme, with the last update I found a different duplicate version of the privacy policy model that I had in the footer of the page and I would like to know how this new version can be removed …
It is a blue button that appears on the right of the footer … with the text PRIVACY and the icon of a blank gear … when a new user enters the web it appears as a floating panel. Is it a plugin included in this latest update? can it be removed or configured?
THE GENERAL CONTENT OF THE FLOATING PANEL IS:
“WE CARE ABOUT YOUR PRIVACY
Vendor Settings
Purposes
Vendors can:
Store and/or access information on a device
Select basic ads
Create a personalised ads profile
Select personalised ads
Create a personalised content profile
Select personalised content
Measure ad performance
Measure content performance
Apply market research to generate audience insights
Develop and improve products
Special Purposes
Vendors can:
Ensure security, prevent fraud, and debug
Technically deliver ads or content
Features
Vendors can:
Match and combine offline data sources
Link different devices
Receive and use automatically-sent device characteristics for identification
Special Features
Vendors can:
Use precise geolocation data
Actively scan device characteristics for identification
Some partners do not ask for your consent to process your data, instead, they rely on their legitimate business interest. Personal data processed includes but is not limited to cookies, IP addresses, and URLs visited. View our list of partners to see the purposes they believe they have a legitimate interest for and object to legitimate interests on a per vendor basis. Manage your settings and object to purposes as a legitimate interest in general.
Your choices on this site will be applied globally. This means your settings will be available on other sites that set your choices globally. You can change your settings at any time, including by withdrawing your consent, by clicking on the cog icon in the bottom right hand corner.
Manage Settings
Vendors
Accept All
Reject All
Save & Exit…”
Can you help me with this please??
Regards,
Sergio
Sorry, I’m not sure where to direct this query…
Hi Sergio, you can disable the privacy policy link at Customize > Theme Settings > General.
Page: General
The forum is at https://siteorigin.com/thread/ if you need a hand in the future. Cheers :)
If the above isn’t helpful, please, open a support topic, we’ll assist there. Thanks. https://siteorigin.com/thread/
Hi, I’m updating a WordPress website and I’m getting the following message:
Thank you
Howdy!
Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.
In this case, WordPress caught an error with one of your plugins, Page Builder by SiteOrigin (ThinkUpThemes compatible).
First, visit your website (https://www.pitchforkranchnm.com/) and check for any visible issues. Next, visit the page where the error was caught (https://www.pitchforkranchnm.com/wp-login.php) and check for any visible issues.
Please contact your host for assistance with investigating this issue further.
If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.
Hi Xtián
Thanks for reaching out.
Page Builder by SiteOrigin (ThinkUpThemes compatible) is authored by ThinkUpThemes, they are the responsible author. https://www.thinkupthemes.com/contact/.
If any SiteOrigin related questions arise in the future, please, let us know via our support forum at siteorigin.com/thread/, we’d be happy to lend a hand.