
Page Builder 2.10.16 Security Update

Page Builder 2.10.16 is a security update that resolves two recently discovered vulnerabilities. Updating Page Builder resolves both issues with no further action required.

On Monday the 4th of May, Wordfence kindly reached out and let us know they had discovered two security vulnerabilities in Page Builder. SiteOrigin is primarily based in the GMT+2 timezone, so the news reached us after working hours. On Tuesday the 5th of May, we resolved both issues. Once testing was complete, we released an update for Page Builder.

“WordPress nonces are one-time use security tokens generated by WordPress to help protect URLs and forms from misuse.” The Page Builder Live Editor and the so_panels_builder_content Ajax action were each missing a nonce. An attacker could trick a user with an Administrator role into visiting a malformed URL, which would execute malicious JavaScript in that user's browser. To resolve this, a nonce was added to the Live Editor preview URL and another to the so_panels_builder_content Ajax action.

We’re grateful for Wordfence’s help and for letting us know as soon as they were aware. For a full walkthrough of the issues found, please see the Wordfence report Vulnerabilities Patched in Page Builder by SiteOrigin.
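The fix pattern described above, a nonce issued with the editor and verified both in the Ajax handler and on the preview URL, as an added PHP example. It is not SiteOrigin's code: every `example_` name (action, query arguments, script handle) is hypothetical, and only core WordPress functions are called.

```php
<?php
// Added illustration, not SiteOrigin's code. All example_* names are hypothetical.

// 1. Issue a nonce when the admin screen loads and pass it to the editor script.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-builder', plugins_url( 'builder.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-builder', 'exampleBuilder', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_builder_content' ),
    ) );
} );

// 2. Ajax handler: verify the nonce and the capability before reading request data.
add_action( 'wp_ajax_example_builder_content', function () {
    // Ends the request with a 403 if the _wpnonce field is missing or invalid.
    check_ajax_referer( 'example_builder_content', '_wpnonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $raw = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    // Filter markup before it is echoed back into the admin's browser.
    wp_send_json_success( array( 'html' => wp_kses_post( $raw ) ) );
} );

// 3. Build the preview URL with a nonce bound to the post being edited.
function example_live_preview_url( $post_id ) {
    $url = add_query_arg( 'example_live_editor', '1', get_permalink( $post_id ) );
    // wp_nonce_url() returns an HTML-escaped URL, ready for an href attribute.
    return wp_nonce_url( $url, 'example_live_editor_' . $post_id, '_example_nonce' );
}

// 4. Reject preview requests whose nonce does not verify for this user and post.
add_action( 'template_redirect', function () {
    if ( empty( $_GET['example_live_editor'] ) ) {
        return;
    }
    $post_id = get_queried_object_id();
    $nonce   = isset( $_GET['_example_nonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_live_editor_' . $post_id )
        || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'Invalid or expired preview link.', '', array( 'response' => 403 ) );
    }
    // The preview is rendered only after both checks pass.
} );
```

The nonce only shows that the request originated from a page WordPress issued to that user; the `current_user_can()` check is what decides whether the user may perform the action, so both are kept.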

If you have any questions or concerns, please feel free to comment below. For any support queries, please open a thread on our forum. Email support via [email protected] is available for our SiteOrigin Premium users.


Comments

  1. 10 months, 22 hours ago umer farooq

    great work

  2. 3 months, 20 days ago ASESORIA DIAZESCRICHE, SCP

    Good Morning!! I have installed the Vantage theme, with the last update I found a different duplicate version of the privacy policy model that I had in the footer of the page and I would like to know how this new version can be removed …
    It is a blue button that appears on the right of the footer … with the text PRIVACY and the icon of a blank gear … when a new user enters the web it appears as a floating panel. Is it a plugin included in this latest update? can it be removed or configured?
    THE GENERAL CONTENT OF THE FLOATING PANEL IS:

    “WE CARE ABOUT YOUR PRIVACY
    Vendor Settings
    Purposes
    Vendors can:
    Store and/or access information on a device
    Select basic ads
    Create a personalised ads profile
    Select personalised ads
    Create a personalised content profile
    Select personalised content
    Measure ad performance
    Measure content performance
    Apply market research to generate audience insights
    Develop and improve products
    Special Purposes
    Vendors can:

    Ensure security, prevent fraud, and debug
    Technically deliver ads or content

    Features
    Vendors can:

    Match and combine offline data sources
    Link different devices
    Receive and use automatically-sent device characteristics for identification

    Special Features
    Vendors can:
    Use precise geolocation data
    Actively scan device characteristics for identification

    Some partners do not ask for your consent to process your data, instead, they rely on their legitimate business interest. Personal data processed includes but is not limited to cookies, IP addresses, and URLs visited. View our list of partners to see the purposes they believe they have a legitimate interest for and object to legitimate interests on a per vendor basis. Manage your settings and object to purposes as a legitimate interest in general.

    Your choices on this site will be applied globally. This means your settings will be available on other sites that set your choices globally. You can change your settings at any time, including by withdrawing your consent, by clicking on the cog icon in the bottom right hand corner.
    Manage Settings
    Vendors
    Accept All
    Reject All
    Save & Exit…”

    Can you help me with this please??

    Regards,
    Sergio

  3. 3 months, 20 days ago ASESORIA DIAZESCRICHE, SCP

    Sorry, I’m not sure where to direct this query…

    • 3 months, 20 days ago Andrew Misplon Hi, I Work Here

      Hi Sergio, you can disable the privacy policy link at Customize > Theme Settings > General.

      Page: General

      The forum is at https://siteorigin.com/thread/ if you need a hand in the future. Cheers :)

      • 3 months, 20 days ago Andrew Misplon Hi, I Work Here

        If the above isn’t helpful, please, open a support topic, we’ll assist there. Thanks. https://siteorigin.com/thread/

  4. 3 months, 10 days ago Xtián

    Hi, I’m updating a WordPress website and I’m getting the following message:
    Thank you

    Howdy!

    Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email.

    In this case, WordPress caught an error with one of your plugins, Page Builder by SiteOrigin (ThinkUpThemes compatible).

    First, visit your website (https://www.pitchforkranchnm.com/) and check for any visible issues. Next, visit the page where the error was caught (https://www.pitchforkranchnm.com/wp-login.php) and check for any visible issues.

    Please contact your host for assistance with investigating this issue further.

    If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.

    • 3 months, 9 days ago Andrew Misplon Hi, I Work Here

      Hi Xtián

      Thanks for reaching out.

      Page Builder by SiteOrigin (ThinkUpThemes compatible) is authored by ThinkUpThemes, they are the responsible author. https://www.thinkupthemes.com/contact/.

      If any SiteOrigin related questions arise in the future, please, let us know via our support forum at siteorigin.com/thread/, we’d be happy to lend a hand.
