Hello to all the WP Page Builder users out there. It’s been some time since we last communicated with each other.
Today we are excited to announce an important update to the WP Page Builder plugin. This update fixes some security issues that were brought to our attention by Wordfence. A huge thanks goes to Wordfence for pointing them out.
Below you will find the changelog for the WP Page Builder v1.2.4 (Free) update:
Previously from the settings menu of WP Page Builder, you could only exclude the user roles you selected. This created a user permission problem where, if the admin of the site didn’t select any role to exclude, then the system would automatically include every user role. That’s obviously not an ideal environment for the admin.
With the latest update, we have fixed this problem. Now only the most privileged users are selected by default, and the rest are not permitted to edit or create posts/pages using WP Page Builder. As a result, besides the default roles, you only need to include the user roles that you want to give permission to, at your own discretion.
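The difference between the two permission models, as an added example that is not WP Page Builder's own code: the function names are hypothetical, the role names are WordPress's built-in roles, and treating `administrator` as the only default-allowed role is an assumption, since the changelog does not list the defaults.

```php
<?php
// Added illustration; not WP Page Builder's code. Function names are
// hypothetical and the default allow-list ('administrator') is an assumption.

const ALL_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

// Old model: the setting stores roles to EXCLUDE. An empty setting excludes
// nobody, so every role passes the check (fail-open).
function can_edit_exclude_model(array $userRoles, array $excludedRoles): bool
{
    foreach ($userRoles as $role) {
        if (!in_array($role, $excludedRoles, true)) {
            return true;
        }
    }
    return false;
}

// New model: the setting stores roles to INCLUDE on top of a privileged
// default. An empty setting leaves only the defaults allowed (fail-closed).
function can_edit_include_model(array $userRoles, array $includedRoles,
    array $defaultRoles = ['administrator']): bool
{
    $allowed = array_unique(array_merge($defaultRoles, $includedRoles));
    return count(array_intersect($userRoles, $allowed)) > 0;
}

// Audit helper: list which built-in roles a given setting lets through.
function roles_allowed(callable $check, array $setting): array
{
    return array_values(array_filter(
        ALL_ROLES,
        fn(string $role): bool => $check([$role], $setting)
    ));
}

$untouched = []; // constructed input: the admin never changed the setting

echo "exclude model, empty setting: ",
    implode(', ', roles_allowed('can_edit_exclude_model', $untouched)), PHP_EOL;
echo "include model, empty setting: ",
    implode(', ', roles_allowed('can_edit_include_model', $untouched)), PHP_EOL;
echo "include model, editor added:  ",
    implode(', ', roles_allowed('can_edit_include_model', ['editor'])), PHP_EOL;
```

Running the same audit against a site's real role setting after updating is a quick way to confirm that no low-privilege role kept editing access.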
One of the most popular add-ons in WP Page Builder, “Raw HTML”, posed a security risk: it did not sanitize the raw HTML code, or any malicious scripts that the user might add, before saving it in the database.
But with the latest update, there is now an HTML sanitization option for all users who submit raw HTML in the text box of the add-on.
Text sanitization for Form Field HTML is now included by default for the data submitted via the input fields. Sanitization is the process that gets rid of any malicious code after the information is saved in the database for final production. Although modern email servers scan every email for security issues and vulnerabilities before processing it, we added this extra step to be on the safe side.
As you can see from the descriptions above, a number of security fixes have been implemented in the latest update of WP Page Builder. So we urge you to update to the latest version and make sure your website stays as robust as ever.