Beware of scary security headlines.

There’s Bold, and then there’s BoldGrid


BoldGrid Remains Secure

Over the Labor Day holiday weekend in 2019, a somewhat sensationalized WordPress security alert was published on the business news website Forbes.

Specifically, it warned that 60 million WordPress users were at risk from a newly identified Cross-Site Scripting (XSS) attack, which had first been described by Wordfence security researcher Mikey Veenstra.

I say “somewhat sensationalized” because the vulnerability, while serious, affected only a handful of plugins in the WordPress plugin repository, and the attack campaign exploiting it targeted only those plugins. Most of them had already been updated to close the hole; those that had not been updated were removed from the repository. It did not threaten 60 million users, only the sites running one of the vulnerable plugins.

Vulnerabilities like this one are not new in the WordPress ecosystem. At the time of this writing, there are over 55,000 plugins available for free in the WordPress repository. Bugs of this kind are preventable when plugin developers use the security mechanisms WordPress already provides: sanitizing and validating input, escaping output, checking user capabilities (for example with current_user_can()), and verifying nonces so that forged requests are rejected. All of these are covered in the Plugin Developer Handbook.
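To make the handbook guidance concrete, here is an added example (written for this page; it is not code from BoldGrid, BoldThemes, Wordfence or any affected plugin) of a settings handler for a hypothetical "Example Banner" plugin. The first version shows the pattern that produces a stored XSS: a handler reachable by logged-out visitors that stores whatever it is sent and echoes it back unescaped. The second version applies the four checks from the paragraph above. The option name, AJAX action, field names and the 200-character limit are all assumptions made for the example.

```php
<?php
/**
 * Added example, not from the original page or any plugin it mentions.
 * The plugin name, option name ('example_banner_text'), AJAX action
 * ('example_banner_save') and field names are assumptions.
 */

// --- Vulnerable version ------------------------------------------------------

// wp_ajax_nopriv_* exposes the handler to logged-out visitors, and the body
// performs no capability check, no nonce check and no sanitization.
add_action( 'wp_ajax_nopriv_example_banner_save', 'example_banner_save_vulnerable' );
function example_banner_save_vulnerable() {
    // Whatever the request carries is stored verbatim, "<script>" tags included.
    update_option( 'example_banner_text', $_POST['banner_text'] );
    wp_die();
}

function example_banner_render_vulnerable() {
    // The stored value is echoed unescaped into every page view: stored XSS
    // that fires for every visitor, not just the attacker.
    echo '<div class="example-banner">' . get_option( 'example_banner_text' ) . '</div>';
}

// --- Hardened version --------------------------------------------------------

// Only the authenticated wp_ajax_* hook is registered. admin-ajax.php answers
// anonymous requests for this action with "0" without ever calling our code.
add_action( 'wp_ajax_example_banner_save', 'example_banner_save_secure' );
function example_banner_save_secure() {
    // 1. Capability check: being logged in is not enough; the caller must be
    //    allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. Nonce check (CSRF protection): the request must carry a nonce minted
    //    for this exact action. check_ajax_referer() dies on failure.
    check_ajax_referer( 'example_banner_save', 'nonce' );

    // 3. Input sanitization and validation: sanitize_text_field() strips tags,
    //    line breaks and invalid UTF-8; the length bound is an example policy.
    $text = isset( $_POST['banner_text'] )
        ? sanitize_text_field( wp_unslash( $_POST['banner_text'] ) )
        : '';
    if ( strlen( $text ) > 200 ) {
        wp_send_json_error( 'banner_text too long', 400 );
    }

    update_option( 'example_banner_text', $text );
    wp_send_json_success();
}

function example_banner_render_secure() {
    // 4. Output escaping: even if a bad value ever reached the database (say,
    //    through another plugin), it renders as inert text, not markup.
    echo '<div class="example-banner">'
        . esc_html( get_option( 'example_banner_text', '' ) )
        . '</div>';
}

// The settings form that sends the request mints the nonce the handler checks;
// attribute values are escaped with esc_attr() because they land inside HTML.
function example_banner_settings_form() {
    ?>
    <form id="example-banner-form" method="post">
        <input type="hidden" name="action" value="example_banner_save">
        <input type="hidden" name="nonce"
               value="<?php echo esc_attr( wp_create_nonce( 'example_banner_save' ) ); ?>">
        <input type="text" name="banner_text" maxlength="200"
               value="<?php echo esc_attr( get_option( 'example_banner_text', '' ) ); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}
```

Each of the four checks closes a different door. Dropping the nopriv hook and checking the capability stops anonymous and low-privilege users from writing the option at all; the nonce stops an attacker from tricking an administrator's browser into doing it for them; sanitizing on input keeps script out of the database; and escaping on output means that even a value that slipped past the first three is displayed rather than executed. Plugins in the class described above typically lacked the first two, which is why a single unauthenticated request was enough.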

At BoldGrid, we pride ourselves on the quality and security of every plugin and theme that we publish. Our plugins and themes have been downloaded over 225,000 times, and we recognize that this is a tremendous responsibility that we owe to our user community.

The Bold Page Builder Vulnerability

That’s why we were surprised when we came in after the holiday weekend to find a number of emails and support tickets asking when we were going to push a fix for the vulnerability. One of the plugins that was (temporarily) affected by the vulnerability was the Bold Page Builder by BoldThemes.

With over 55,000 plugins available in the WordPress repository, it’s no surprise that some end up with very similar names. We are not affiliated with BoldThemes or the Bold Page Builder in any way. It should also be noted that the BoldThemes team had published updates to their plugin fixing the vulnerability before the Forbes article was even published.

Of course, you should always pay attention to WordPress security news, but experts agree that the most important things you can do to keep your site safe are to use strong, unique passwords, keep WordPress core, plugins and themes up to date, and keep regular offsite backups.