Page Builder 2.10.16 Security Update

Page Builder 2.10.16 is a security update that resolves two recently discovered vulnerabilities. Updating Page Builder resolves both issues with no further action required.

On Monday the 4th of May, Wordfence kindly reached out and let us know they had discovered two security vulnerabilities in Page Builder. As SiteOrigin is primarily based in the GMT+2 timezone, the news reached us after working hours. On Tuesday the 5th of May, we resolved both issues. Once testing was complete, we released an update for Page Builder.

“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.” The Page Builder Live Editor and the so_panels_builder_content Ajax action were each missing a nonce. An attacker could trick a user with an Administrator role into visiting a malformed URL and executing malicious JavaScript in the browser. To resolve this, a nonce was added to the Live Editor preview URL and another to the so_panels_builder_content Ajax action. We’re grateful for Wordfence’s help and for letting us know as soon as they were aware. For a full walkthrough of the issues found, please see the Wordfence report Vulnerabilities Patched in Page Builder by SiteOrigin.
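
The pattern described above, as an added example that is not SiteOrigin's code: an Ajax handler and a preview URL that each require a nonce. The action name example_builder_content, the nonce action strings, the example_live_editor query flag and builder.js are hypothetical; the functions called are WordPress core APIs.

```php
<?php
// Added example, not SiteOrigin's code. The action name "example_builder_content",
// the nonce action strings and the "example_live_editor" query flag are hypothetical.

// Server side: Ajax handler that refuses requests without a valid nonce.
add_action( 'wp_ajax_example_builder_content', 'example_builder_content' );

function example_builder_content() {
    // Ends the request with a 403 when $_REQUEST['_nonce'] is missing or invalid,
    // so a URL or form crafted on another site cannot trigger the action.
    check_ajax_referer( 'example-builder-content', '_nonce' );

    // A nonce proves intent, not authorization: check the capability separately.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $raw = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    // Filter markup before it is sent back to the admin's browser.
    wp_send_json_success( array( 'html' => wp_kses_post( $raw ) ) );
}

// Client side of the handshake: hand the nonce to the editor script.
add_action( 'admin_enqueue_scripts', function () {
    wp_register_script( 'example-builder', plugins_url( 'builder.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-builder', 'exampleBuilder', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example-builder-content' ),
    ) );
    wp_enqueue_script( 'example-builder' );
} );

// Preview URL: sign the link when it is built, verify it before rendering.
function example_live_editor_url( $post_id ) {
    $url = add_query_arg( 'example_live_editor', '1', get_permalink( $post_id ) );
    return wp_nonce_url( $url, 'example-live-editor', '_nonce' );
}

add_action( 'template_redirect', function () {
    if ( empty( $_GET['example_live_editor'] ) ) {
        return;
    }
    $nonce = isset( $_GET['_nonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example-live-editor' ) ) {
        wp_die( 'Invalid or expired preview link.', '', array( 'response' => 403 ) );
    }
} );
```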

If you have any questions or concerns, please feel free to comment below. For any support queries, please open a thread on our forum. Email support via [email protected] is available for our SiteOrigin Premium users.

Comments

  1. 3 years, 10 months ago umer farooq

    great work

  2. 3 years, 4 months ago ASESORIA DIAZESCRICHE, SCP

    Sorry, I’m not sure where to direct this query…

    • 3 years, 4 months ago Andrew Misplon
      Hi, I Work Here

      Hi Sergio, you can disable the privacy policy link at Customize > Theme Settings > General.

      Page: General

      The forum is at https://siteorigin.com/thread/ if you need a hand in the future. Cheers :)

      • 3 years, 4 months ago Andrew Misplon
        Hi, I Work Here

        If the above isn’t helpful, please open a support topic; we’ll assist there. Thanks. https://siteorigin.com/thread/

  3. 3 years, 3 months ago Xtián

    Hi, I’m updating a WordPress website and I’m getting the following message:
    Thank you

    Howdy!

    Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.

    In this case, WordPress caught an error with one of your plugins, Page Builder by SiteOrigin (ThinkUpThemes compatible).

    First, visit your website (https://www.pitchforkranchnm.com/) and check for any visible issues. Next, visit the page where the error was caught (https://www.pitchforkranchnm.com/wp-login.php) and check for any visible issues.

    Please contact your host for assistance with investigating this issue further.

    If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.

    • 3 years, 3 months ago Andrew Misplon
      Hi, I Work Here

      Hi Xtián

      Thanks for reaching out.

      Page Builder by SiteOrigin (ThinkUpThemes compatible) is authored by ThinkUpThemes; they are the responsible author. https://www.thinkupthemes.com/contact/.

      If any SiteOrigin related questions arise in the future, please let us know via our support forum at siteorigin.com/thread/; we’d be happy to lend a hand.
