4/9/2023

Wpbakery iconbox

With dual control, you limit the capabilities of users with administrative capabilities. So, to keep your site safe you can enable dual control. This is a great strategy to avoid cross-site scripting (XSS) attacks like the WPBakery vulnerability. WordPress is the most popular CMS platform, so there are thousands of hackers trying to find flaws to exploit. What can you do to prevent this in the future?

Which WPBakery versions are affected by the vulnerability?

All the sites using WPBakery 6.4 and under are affected by this vulnerability, so we highly recommend you update to the latest version 6.4.1 as soon as possible.

Additionally, make sure that all the contributor or author user-level accounts on your site are trusted. However, last September 24th WPBakery launched a new version 6.4.1 that finally fixes the vulnerability.

How to fix the WPBakery vulnerability?

Even though Wordfence discovered the vulnerability more than 2 months ago and WPBakery released several updates to the plugin, these patches didn’t fully fix the flaw. Additionally, WPBakery’s onclick functionality for buttons allowed hackers to add malicious JS code in a button that would run when users click it.

Furthermore, contributor and author level users were able to use the vc_raw_js, vc_raw_html, and button using custom_onclick shortcodes to add malicious JavaScript to posts.

All of these meant that a user with contributor-level access could inject scripts in posts that would later execute once someone accessed the page or clicked a button, using various different methods. So, any user with access to the page builder could potentially inject HTML and JavaScript. This happens because WPBakery disabled default post-HTML filtering checks in the saveAjaxFe function. On top of that, the vulnerability lets these users edit other users’ posts. The flaw allowed authenticated attackers with contributor and author level access to inject malicious JavaScript code into posts and pages.
Last July, Wordfence discovered a vulnerability in the famous WPBakery page builder. Learn what the flaw can do to your site and how to fix it. WPBakery for WordPress has a severe vulnerability that affects more than 4 million websites.

Version 1.0.2 – June 22nd, 2017
Fix: visual text editor

Version 1.0.1 – June 22nd, 2017
Fix: icon box color
Fix: restyle read more button

Version 1.0.

If you use WPBakery as a page builder, your site might be at risk.

Utilize as many content boxes: services box, team member, social box, testimonials box, awards icons, timeline box, progress box, payment icons, call-to-action box….
Compatible with Visual Composer, easy and fast installation.
Add link to icon with Open in new tab or Readmore button, custom readmore button.
Customize Title and description: change color, size, alignment, font, font-size….
Change icon shape, size, color, background color, hover effect, hover color, background hover color, alignment….

*Please note that this is an add-on for Visual Composer, so you must install Visual Composer Page Builder first. Get Visual Composer Kit for 40+ interactive and awesome addons.

Elegant Icon Box is a useful plugin for Visual Composer which helps you create beautiful content boxes with icons and hover effects! Elegant Icon Box contains a bunch of modern box layouts for you to choose from, or you could use it to easily customize any box styles as you want.

Elegant Icon Box is specially featured in our powerful Visual Composer bundle, Visual Composer Kit.