Page Builder 2.10.16 Security Update
Page Builder 2.10.16
is a security update that resolves two recently discovered vulnerabilities. Updating Page Builder resolves both issues with no further action required.
On Monday the 4th of May, Wordfence kindly reached out and let us know they had discovered two security vulnerabilities in Page Builder. SiteOrigin is primarily based in the GMT+2 timezone, the news reached us after working hours. On Tuesday the 5th of May, we resolved both issues. Once testing was complete, we released an update for Page Builder.
“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.” The Page Builder Live Editor and so_panels_builder_content
Ajax action were each missing a nonce. An attacker could trick a user with an Administrator role into visiting a malformed URL and executing malicious JavaScript in the browser. To resolve, a nonce was added to the Live Editor preview URL and another to the so_panels_builder_content
Ajax action. We’re grateful for Wordfence’s help and for letting us know as soon as they were aware. For a full walkthrough of the issues found, please, see the Wordfence report Vulnerabilities Patched in Page Builder by SiteOrigin.
If you have any questions or concerns, please, feel free to comment below. For any support queries, please, open a thread on our forum. Email support via [email protected] is available for our SiteOrigin Premium users.
greate work
Sorry, I’m not sure where to direct this query…
Hi Sergio, you can disable the privacy policy link at Customize > Theme Settings > General.
Page: General
The forum is at https://siteorigin.com/thread/ if you need a hand in the future. Cheers :)
If the above isn’t helpful, please, open a support topic, we’ll assist there. Thanks. https://siteorigin.com/thread/
Hi, I’m updating a WordPress website and I’m getting the following message:
Thank you
Howdy!
Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.
In this case, WordPress caught an error with one of your plugins, Page Builder by SiteOrigin (ThinkUpThemes compatible).
First, visit your website (https://www.pitchforkranchnm.com/) and check for any visible issues. Next, visit the page where the error was caught (https://www.pitchforkranchnm.com/wp-login.php) and check for any visible issues.
Please contact your host for assistance with investigating this issue further.
If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.
Hi Xtián
Thanks for reaching out.
Page Builder by SiteOrigin (ThinkUpThemes compatible) is authored by ThinkUpThemes, they are the responsible author. https://www.thinkupthemes.com/contact/.
If any SiteOrigin related questions arise in the future, please, let us know via our support forum at siteorigin.com/thread/, we’d be happy to lend a hand.