Security issue: Cross Site Scripting (XSS) vulnerability

  • Hope to get new updated version soon, for there is no way to fix the problem, If deactivated, the site gets broken

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Iulian Palade

    (@iulianp)

    Hi @seriqulle,

    We are currently conducting a thorough investigation into the issue.

    Cross-site scripting is usually performed on websites where users are registered and have some sort of basic access or privileges, such as Contributors. You can try disabling user registration on your websites if it’s not something that you need. This can be done from your WP Admin Panel > Settings > General page, by unchecking the Membership option (Anyone can register).

    Once we have more information, we’ll patch the issue and release an update.

    Thank you, and we apologize for any inconvenience!

    Plugin Support cristianbarbu

    (@cristianbarbu)

    Hi,

    We are currently conducting a thorough investigation into the issue.

    Cross-site scripting is usually performed on websites where users are registered and have some sort of basic access or privileges, such as Contributors. You can try disabling user registration on your websites if it’s not something that you need. This can be done from your WP Admin Panel > Settings > General page, by unchecking the Membership option (Anyone can register).

    Once we have more information, we’ll patch the issue and release an update.

    Thank you, and we apologize for any inconvenience!

    Plugin Support cristianbarbu

    (@cristianbarbu)

    Hello,

    We have release and update in which the issue was fixed.

    To check for the latest updates please access WP-Admin -> Updates -> Dashboard -> Check Again and see if you have the latest versions installed.

    Hi,

    We released an update to fix the XSS issue. You can update the plugin to get the security fix.

    The patchstack page got updated with the status of vulnerability: https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-239-cross-site-scripting-xss-vulnerability?_a_id=110

    Thank you, and we apologize for any inconvenience!

    Thread Starter seriqulle

    (@seriqulle)

    Vulnerable Software

    This website was last checked against the vulnerability database on 01/04/2024 (11:57 AM).

    Real-Time Updates InactiveVirtual Patching Inactive

    Powered byTYPEVULNERABILITYSEVERITYSTATUSDATEACTIONPlugin

    Colibri Page Builder<= 1.0.239Cross Site Scripting (XSS)6.5 Unresolved

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security issue: Cross Site Scripting (XSS) vulnerability’ is closed to new replies.