Hello. Is there an update to the widgets-for-siteorigin bundle? I received an email from my hosting company stating there was a vulnerability issue. Is there an update to the plugin so this can be addressed?
The email from the hosting provider is below. The widgets-for-siteorigin bundle is listed at the bottom.
At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security issues. We are reaching out to you today because we identified your site(s), (xx), are utilizing a plugin that depends on a vulnerable version of the Freemius SDK.
This vulnerable SDK allows any authenticated user with an account, including subscribers, to modify site configuration options. An attacker who is able to obtain an account could leverage this vulnerability to take control of your site.
To secure your site, ensure that all plugins are updated. A partial list of affected plugins is available here: https://wpvulndb.com/vulnerabilities/9223
wp-affiliate-disclosure: fixed in version 1.1.4
404-to-301: fixed in version 3.0.2
buddyforms: fixed in version 2.3.2
contact-form-7-multi-step-module: fixed in version 3.0.9
content-aware-sidebars: fixed in version 3.8.1
delete-duplicate-posts: fixed in version 4.1.9.5
easy-watermark: fixed in version 0.7.1
final-tiles-grid-gallery-lite: fixed in version 3.3.57
foobox-image-lightbox: fixed in version 2.6.4
foogallery: fixed in version 1.6.17
nextgen-gallery: fixed in version 3.1.7
addons-for-elementor: fixed in version 2.7.3
mobile-menu: fixed in 2.7.3
popup-maker: fixed in 1.8.3
post-snippets: fixed in version 3.0.4
stop-user-enumeration: fixed in version 1.3.20
wp-fail2ban: fixed in version 4.0.5
wp-security-audit-log: fixed in version 3.3.1.2
wp-stripe-plaid
windsor-strava-athlete
wp-hr-manager
livemesh-siteorigin-widgets: Unfixed as of version 2.5.1
widgets-for-siteorigin: Unfixed as of version 1.4.2
Please make sure to run a backup of your database before making any changes, which you can learn how to do in this article: http://wpengine.com/support/restore/
Feel free to reach out to our Support team at any time if you have any questions!
Hi Decantery,
SiteOrigin Widgets Bundle does not use Freemius so it is not vulnerable to this security issue. The flagged plugin, Widgets for SiteOrigin, is a third-party plugin and isn't one of our plugins. Please reach out to the developers here and report this issue.
I’m very sorry for any inconvenience caused by this misunderstanding.
No worries. I appreciate the quick follow-up and information. I appreciate it.
Hi Decantery,
No worries mate, we completely understand.
Please be sure to post another thread if you have any other questions.