WP Page Builder Updated: Security Issues Fixed (Thanks to Wordfence)


Hello to all the WP Page Builder users out there. It’s been some time since we last communicated with each other.

Today we are excited to announce an important update to the WP Page Builder plugin. This update fixes some security issues that were brought to our attention by Wordfence. A huge thanks goes to Wordfence for pointing them out.

Below you will find the changelog for the WP Page Builder v1.2.4 (Free) update:

  • Update: Changed the User Role Selection box with proper include options.
  • Fix: Data filtering for the user-submitted HTML in the “Raw HTML” add-on.
  • Fix: Sanitization and Escaping of user inputs in the fields for the Form type add-ons.

Changed the User Role Select Box with Proper Privileges and Defaults

Previous User Role Permission Settings

Previously, from the settings menu of WP Page Builder, you could only exclude the user roles you selected. This created a user permission problem: if the admin of the site didn’t select any role to exclude, the system would automatically include every user role. That’s obviously not an ideal environment for the admin.

New User Role Permission Settings

With the latest update, we have fixed this problem. Now only the most privileged users are selected by default, and the rest are not permitted to edit or create posts/pages using WP Page Builder. As a result, besides the default roles, you only need to include the user roles that you want to give permission to, at your own discretion.
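The difference between the old exclude list and the new include list, as an added example that is not WP Page Builder's own code: the function names, the settings shape and the default list (`administrator` only) are assumptions made for illustration.

```php
<?php
// Added illustration, not WP Page Builder's code. Function names, the settings
// shape and DEFAULT_INCLUDED are assumptions made for this example.

// Assumed default; the post only says "the most privileged users".
const DEFAULT_INCLUDED = ['administrator'];

// Old model (deny-list): every role is allowed unless the admin excluded it.
function allowed_by_exclude_list(string $role, array $excluded): bool
{
    return !in_array($role, $excluded, true);
}

// New model (allow-list): only the defaults plus explicitly included roles.
function allowed_by_include_list(string $role, array $included): bool
{
    $allowed = array_merge(DEFAULT_INCLUDED, $included);
    return in_array($role, $allowed, true);
}

// WordPress's built-in roles, plus a constructed role standing in for one
// registered later by some other plugin.
$roles = ['administrator', 'editor', 'author', 'contributor', 'subscriber', 'custom_role'];

// Case 1: the admin never opened the settings page, so both lists are empty.
// Case 2: the admin made one choice in each model.
$cases = [
    'untouched settings' => ['excluded' => [], 'included' => []],
    'one role configured' => ['excluded' => ['subscriber'], 'included' => ['editor']],
];

foreach ($cases as $label => $cfg) {
    printf("%s\n%-14s %-10s %-10s\n", $label, 'role', 'old model', 'new model');
    foreach ($roles as $role) {
        printf(
            "%-14s %-10s %-10s\n",
            $role,
            allowed_by_exclude_list($role, $cfg['excluded']) ? 'allowed' : 'denied',
            allowed_by_include_list($role, $cfg['included']) ? 'allowed' : 'denied'
        );
    }
    echo "\n";
}
```

Under the old model every role, including one registered after the settings were last saved, is allowed until someone excludes it; under the new model any role that is not listed is denied.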

“Raw HTML” add-on Output Sanitization


“Raw HTML”, one of the most popular add-ons in WP Page Builder, posed a security risk: it did not sanitize the raw HTML code and malicious scripts that a user might add before saving them in the database.

With the latest update, there is now an HTML sanitization option for all users who submit raw HTML in the text box of the add-on.

Form Text Field Sanitization


Text sanitization for Form Field HTML is now included by default for the data submitted via the input fields. Sanitization is the process that gets rid of any malicious code after saving the information in the database for final production. Although modern email servers scan every email for security and vulnerabilities before processing them, we added this extra step to be on the safe side.

Update Today to Get the Latest Security Fixes

As you can see from the descriptions above, a number of security fixes have been implemented in the latest update of WP Page Builder. We urge you to update to the latest version and make sure your website stays as robust as ever.