Hello to all the WP Page Builder users out there. It’s been some time since we last communicated with each other.
Today we are excited to announce an important update to the WP Page Builder plugin. This update fixes some security issues that were brought to our attention by Wordfence. A huge thanks go to “Wordfence” for pointing them out.
Below you will find the changelog for the WP Page Builder v1.2.4 (Free) update:
- Update: Changed the User Role Selection box with proper include options.
- Fix: Data filtering for the user-submitted HTML in the “Raw HTML” add-on.
- Fix: Sanitization and Escaping of user inputs in the fields for the Form type add-ons.
Changed the User Role Select Box with Proper Privileges and Defaults
Previously from the settings menu of WP Page Builder, you could only exclude the user roles you selected. This created a user permission problem where, if the admin of the site didn’t select any role to exclude, then the system would automatically include every user role. That’s obviously not an ideal environment for the admin.
With the latest update, we have fixed this problem. Now only the most privileged users are selected by default and the rest are not permitted to edit or create posts/pages using WP Pagebuilder. As a result, you only need to include user roles that you want to give permission to at your own discretion besides the default roles.
“Raw HTML” add-on Output Sanitization
One of the most popular add-ons in WP Page Builder “Raw HTML”, posed a security risk of not sanitizing Raw HTML codes and malicious scripts that the user might add before saving them in the database.
But with the latest update, there is now an HTML sanitization option for all the users who submitted raw HTML in the text box of the add-on.
Form Text Field Sanitization
Text sanitization for Form Field HTML is now included by default for the data submitted via the input fields. Sanitization is the process that gets rid of any malicious code after saving the information on the database for final production. Although modern Email servers scan every email for security and vulnerabilities before processing them, and yet we added this extra step to be on the safe side.
Update Today to Get the Latest Security Fixes
As you can see from the descriptions above, there are a number of security fixes that have been implemented with the latest update of the WP Page Builder. So we urge that you update to the latest version and make sure your website stays as robust as ever.