-
Posts
-
Wordfence Security has broadcast a Critical Problem notice:
The Plugin “Post and Page Builder” has a security vulnerability.
Vulnerability Severity: 4.3/10.0 (Medium).
Anyone working on a fix? When can we expect one?Hi rfahn,
Thank you for reaching out with your BoldGrid Post and Page Builder for questions.
I tested Wordfence with Post and Page Builder and your Westview theme but I’m not recieving the same message as you pertaining to vulnerabilities. As far as I’m aware of no critical issues have been brought to our attention recently. The most stable Post and Page Builder version should be 1.24.1.
We would need some additional information on your website to test this such as your:
1. PHP Version #
2. WordPress Version #
3. Post and Page Builder Version #
4. Steps you took to locate this message in Wordfence.
5. When did you first noticed the issue? After an update or theme change perhaps?Thanks rfhan, if we can identify any vulnerabilities in Post and Page Builder our devs will look into resolving them right away. We look forward to assisting you further with this!
Hi, Brandon C,
Thanks for the quick response. Here is the additional info you requested:
We would need some additional information on your website to test this such as your:
1. PHP Version #8.0.30 (Supports 64bit values)
2. WordPress Version #6.3.1
3. Post and Page Builder Version #1.24.1
4. Steps you took to locate this message in Wordfence.
WordFence emailed me and directed me to the latest scan results of my website, listed on my BoldGrid’s Wordfence section. Here is the contents of the email I received from Wordfence:“This email was sent from your website “Home At First” by the Wordfence plugin.
Wordfence found the following new issues on “Home At First”.
Alert generated at Sunday 27th of August 2023 at 02:13:11 AM
See the details of these scan results on your site at: https://homeatfirst.com/wp-admin/admin.php?page=WordfenceScan
Critical Problems:
* The Plugin “Post and Page Builder” has a security vulnerability.
Vulnerability Severity: 4.3/10.0 (Medium) Vulnerability Information
https://wordpress.org/plugins/post-and-page-builder/#developers”Following my receipt of this email from WordFence, I followed the link to the Wordfence scan page for more details. I also visited the WordPress link for Post and Page Builder developers.
5. When did you first noticed the issue? After an update or theme change perhaps?
WordFence notified me by email following its routine scan of my website on 27AUG23. Here is the message from Wordfence the Scan Results page of my website that triggered my inquiry to you:“Plugin Name: Post and Page Builder
Current Plugin Version: 1.24.1
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Post and Page Builder” until a patched version is available. Get more information.(opens in new tab)
Repository URL: https://wordpress.org/plugins/post-and-page-builder(opens in new tab)
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/bf801042-5cd5-424f-a25a-858302285170?source=plugin(opens in new tab)
Vulnerability Severity: 4.3/10.0 (Medium)”Thanks, again, Brandon for quickly responding. I hope you’re correct that this WordFence report is inaccurate. If indeed it does prove accurate, I hope BoldGrid developers can quickly find and fix the vulnerabilities. My site and thousands of others are built using Post and Page Builder. Losing it would mean virtually starting over.
Best—
rfahnHi Rfahn,
I spoke with our developers about this and they are aware of the issue. They confirmed that based on the notice it means that there is a POSSIBLE vulnerability, although it is not a serious one. The worst possible thing someone could do, is trick a user into opening a link that would change their default editor setting.
However, we do take all CSRF vulerabilities seriously, and are working on a patch now. I really hope this helps, you can contact us using this thread at any time for updates.
Hi Rfahn,
I just received word from our developers that this issue has been patched in Post and Page Builder version 1.24.2 which has just now been released. Please note that the notice in WordFence will not go away until a new scan is run AFTER updating Post and Page Builder. This can be done manually from your WordPress dashboard in WordFence > Scans.
Thanks for working with us through this Rfahn! Please let us know if there’s anything else we can help with.
Thanks for the positive update. Happy to have helped even in a small way. In complex issues like these, communal support groups sometimes make things more complex by clouding the issues. It’s great that they can also help arrive at quick solutions.
Thanks for your continued excellent support.
- The topic ‘Wordfence showing critical security vulnerability in Post and Page Builder’ is closed to new replies.
