Monday, March 8, 2021
  • About Us
  • Contact Us
  • Deals & Coupons
  • Privacy Policy
  • Terms & Conditions
Cloud Host News
  • Home
  • Hosting
    NetApp Becomes Technology Partner of DHPA

    NetApp Becomes Technology Partner of DHPA

    Managed WordPress Hosting Provider DreamHost Partners with Lendio

    DreamHost, a Managed WordPress Hosting Provider Partners with Lendio

    The Events Calendar

    Liquid Web Acquires ‘The Events Calendar’ a Popular WordPress Plugin

    HostPapa acquires another Canadian web hosting company

    HostPapa acquires another Canadian web hosting company

    Web.com releases new lineup of Pro Services(Pro SEO and Pro Website)

    Web.com releases new lineup of Pro Services(Pro SEO and Pro Website)

    Loopia Picks EcoDataCenter From Sweden for Sustainable Data Center Services.

    Loopia Picks EcoDataCenter From Sweden for Sustainable Data Center Services.

    Trending Tags

    • Hosting
    • A2 Hosting
    • web hosting
    • Cloud Hosting
    • free hosting
    • DreamHost
  • Cloud
    Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

    Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

    IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

    IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

    Salesforce Beats Q4 Estimates, Slack Adds Record Number of Paid Customers

    Salesforce Beats Q4 Estimates, Slack Adds Record Number of Paid Customers

    Bitcoin Plummeted $8000 After Elon Musk's Concerns Over Rally

    Bitcoin Plummeted $8000 After Elon Musk’s Concerns Over Rally

    Red Hat's OpenShift Platform Released on IBM Power Virtual Servers

    Red Hat’s OpenShift Platform Released on IBM Power Virtual Servers

    Amazon Web Services (AWS) Expands into Adelaide, South Australia

    Amazon Web Services (AWS) Expands into Adelaide, South Australia

    Trending Tags

    • Cloud
    • Private Cloud Hosting
    • Google Cloud Platform
    • Cloud Hosting
    • Google Cloud
  • Network/Internet
    Brave Browser Becomes the First Browser to Integrate IPFS Protocol

    Brave Browser Becomes the First Browser to Integrate IPFS Protocol

    ICANN70 to be Held Online on 22-25 March

    ICANN70 to be Held Online on 22-25 March

    OneWeb Plans to Offer High-Speed Internet in India by Q2 2022

    OneWeb Plans to Offer High-Speed Internet in India by Q2 2022

    Cloudflare and Apple Team Up to Develop New Internet Protocol

    Cloudflare and Apple Team Up to Develop New Internet Protocol

    ZenFi Networks Extends Network Capabilities

    ZenFi Networks Extends Network Capabilities

    Spark and NNNCo agree to trans-Tasman IoT network sharing

    Spark and NNNCo agree to trans-Tasman IoT network sharing

    Trending Tags

    • network security
    • 5G Network
    • Network OS
    • 5G Network Solution
    • Dark Fiber Network
  • Security
    Chrome Will Soon Try HTTPS First When You Type an Incomplete URL

    Chrome Will Soon Try HTTPS First When You Type an Incomplete URL

    Subscribe to our newsletter for the latest security news right from the security and research industries.

    Microsoft Announced SolarWinds Hackers Downloaded Some Azure, Exchange Source Code

    Microsoft Azure and Canonical Ubuntu Linux Have a User Privacy Issue

    Microsoft Azure and Canonical Ubuntu Linux Have a User Privacy Issue

    Chrome Sync Feature Exploited

    Hackers May Use Malicious Chrome Sync Feature to Steal Your Data

    Google Fixes Zero-day Vulnerability in Chrome 88.0.4324.150

    Google Fixes Zero-day Vulnerability in Chrome 88.0.4324.150

    RiskIQ Releases a Tool That Can Create Phishing Pages In Real-Time

    RiskIQ Releases a Tool That Can Create Phishing Pages In Real-Time

    Trending Tags

    • cybersecurity
    • Cloud Security
    • network security
    • WordPress Security
    • Secure Colocation Facility
  • Linux
    Linux Kernel 5.12

    First Linux Kernel 5.12 Release Candidate Is Now Generally Available

    Ubuntu 20.04.2 LTS Re-Released

    Ubuntu 20.04.2 LTS Re-Released Due to OEM Install Bug

    Linux Kernel 5.11

    Linus Torvalds Declares First Linux Kernel 5.11 Release Candidate (RC)

    Major Linux Kernel Update Released to Fix 14 Vulnerabilities

    Major Linux Kernel Update Released to Fix 14 Vulnerabilities

    Linux Kernel 5.8

    Linux Kernel 5.8 Reaches EOL, Users Advised to Upgrade to Linux 5.9 Series

    Oracle Linux 7.9

    Oracle Linux 7.9 Update: Oracle Releases Oracle Linux 7.9

    Trending Tags

    • Linux Kernel
    • Linux Torvalds
    • Oracle Linux latest news
    • Oracle Linux latest update
  • More
    • Big Data
    • Blockchain
    • Games
    • Hardware
    • Software
    • Windows
    • Press Release
No Result
View All Result
Cloud Host News
  • Home
  • Hosting
    NetApp Becomes Technology Partner of DHPA

    NetApp Becomes Technology Partner of DHPA

    Managed WordPress Hosting Provider DreamHost Partners with Lendio

    DreamHost, a Managed WordPress Hosting Provider Partners with Lendio

    The Events Calendar

    Liquid Web Acquires ‘The Events Calendar’ a Popular WordPress Plugin

    HostPapa acquires another Canadian web hosting company

    HostPapa acquires another Canadian web hosting company

    Web.com releases new lineup of Pro Services(Pro SEO and Pro Website)

    Web.com releases new lineup of Pro Services(Pro SEO and Pro Website)

    Loopia Picks EcoDataCenter From Sweden for Sustainable Data Center Services.

    Loopia Picks EcoDataCenter From Sweden for Sustainable Data Center Services.

    Trending Tags

    • Hosting
    • A2 Hosting
    • web hosting
    • Cloud Hosting
    • free hosting
    • DreamHost
  • Cloud
    Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

    Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

    IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

    IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

    Salesforce Beats Q4 Estimates, Slack Adds Record Number of Paid Customers

    Salesforce Beats Q4 Estimates, Slack Adds Record Number of Paid Customers

    Bitcoin Plummeted $8000 After Elon Musk's Concerns Over Rally

    Bitcoin Plummeted $8000 After Elon Musk’s Concerns Over Rally

    Red Hat's OpenShift Platform Released on IBM Power Virtual Servers

    Red Hat’s OpenShift Platform Released on IBM Power Virtual Servers

    Amazon Web Services (AWS) Expands into Adelaide, South Australia

    Amazon Web Services (AWS) Expands into Adelaide, South Australia

    Trending Tags

    • Cloud
    • Private Cloud Hosting
    • Google Cloud Platform
    • Cloud Hosting
    • Google Cloud
  • Network/Internet
    Brave Browser Becomes the First Browser to Integrate IPFS Protocol

    Brave Browser Becomes the First Browser to Integrate IPFS Protocol

    ICANN70 to be Held Online on 22-25 March

    ICANN70 to be Held Online on 22-25 March

    OneWeb Plans to Offer High-Speed Internet in India by Q2 2022

    OneWeb Plans to Offer High-Speed Internet in India by Q2 2022

    Cloudflare and Apple Team Up to Develop New Internet Protocol

    Cloudflare and Apple Team Up to Develop New Internet Protocol

    ZenFi Networks Extends Network Capabilities

    ZenFi Networks Extends Network Capabilities

    Spark and NNNCo agree to trans-Tasman IoT network sharing

    Spark and NNNCo agree to trans-Tasman IoT network sharing

    Trending Tags

    • network security
    • 5G Network
    • Network OS
    • 5G Network Solution
    • Dark Fiber Network
  • Security
    Chrome Will Soon Try HTTPS First When You Type an Incomplete URL

    Chrome Will Soon Try HTTPS First When You Type an Incomplete URL

    Subscribe to our newsletter for the latest security news right from the security and research industries.

    Microsoft Announced SolarWinds Hackers Downloaded Some Azure, Exchange Source Code

    Microsoft Azure and Canonical Ubuntu Linux Have a User Privacy Issue

    Microsoft Azure and Canonical Ubuntu Linux Have a User Privacy Issue

    Chrome Sync Feature Exploited

    Hackers May Use Malicious Chrome Sync Feature to Steal Your Data

    Google Fixes Zero-day Vulnerability in Chrome 88.0.4324.150

    Google Fixes Zero-day Vulnerability in Chrome 88.0.4324.150

    RiskIQ Releases a Tool That Can Create Phishing Pages In Real-Time

    RiskIQ Releases a Tool That Can Create Phishing Pages In Real-Time

    Trending Tags

    • cybersecurity
    • Cloud Security
    • network security
    • WordPress Security
    • Secure Colocation Facility
  • Linux
    Linux Kernel 5.12

    First Linux Kernel 5.12 Release Candidate Is Now Generally Available

    Ubuntu 20.04.2 LTS Re-Released

    Ubuntu 20.04.2 LTS Re-Released Due to OEM Install Bug

    Linux Kernel 5.11

    Linus Torvalds Declares First Linux Kernel 5.11 Release Candidate (RC)

    Major Linux Kernel Update Released to Fix 14 Vulnerabilities

    Major Linux Kernel Update Released to Fix 14 Vulnerabilities

    Linux Kernel 5.8

    Linux Kernel 5.8 Reaches EOL, Users Advised to Upgrade to Linux 5.9 Series

    Oracle Linux 7.9

    Oracle Linux 7.9 Update: Oracle Releases Oracle Linux 7.9

    Trending Tags

    • Linux Kernel
    • Linux Torvalds
    • Oracle Linux latest news
    • Oracle Linux latest update
  • More
    • Big Data
    • Blockchain
    • Games
    • Hardware
    • Software
    • Windows
    • Press Release
No Result
View All Result
Cloud Host News
No Result
View All Result
Home Software

Page Builder by SiteOrigin, a WordPress plugin patched

Sienna Rowley by Sienna Rowley
May 12, 2020
in Software
0 0
0
Page Builder by SiteOrigin, a WordPress plugin patched

WordPress plugin ‘Page Builder’ by SiteOrigin was revealed to vulnerabilities that exposed websites to code execution attacks. The plugin that was developed by Greg Priday is a drag-and-drop page production plugin utilized for building mobile-ready content. The software is currently installed on over one million websites.

On May 4 the Wordfence Threat Intelligence team found the bugs. Both of the vulnerabilities in the plugin lets attackers duplicate requests on part of a site administrator and perform malicious code in the administrator’s browser, as per the researchers, an admin still require to click a malicious link or attachment to trigger the attack chain. The problems have still to be allocated CVE numbers. However, both are considered severe.

The first vulnerability, a cross-site request fraud (CSRF) to followed cross-site scripting (XSS) vulnerability, was discovered in the plugin’s live editor feature.

The live editor is utilized to drag and drop widgets as well as generate and update post content. Alterations done to content are sent through a POST parameter and checks in metadata functions are executed to ensure users have the authority to edit posts. Yet, there were no protections in place.

As a result, few widgets consisting of “Custom HTML” could be practiced to inject malicious JavaScript into an executed live page. If a crafted live preview page carrying this compromised widget was obtained by an administrator, this headed to the CSRF / reflected XSS flaw.

The security defects were revealed to the developer on the same day of discovery, May 4. Priday confirmed the report and had a patch available which was issued within 24 hours. Wordfence appreciated the developer for a remarkably quick response and for issuing the patch very swiftly.

The newest version of the plugin, v. 2.10.16, has fixed the issues. 66.6% of all users have updated their builds. It is suggested that users make certain they are up-to-date.

Download Best WordPress Themes Free Download
Download Best WordPress Themes Free Download
Premium WordPress Themes Download
Download WordPress Themes Free
free download udemy course
download xiomi firmware
Download Nulled WordPress Themes
free download udemy course

Oh hi, there 👋 It’s nice to meet you.

Sign up to receive daily news update in your inbox.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Tags: CSRFVulnerabilityWordPressWordPress vulnerabilityXSS
ShareTweetShare
Previous Post

Fastly announced support for HTTP/3 and QUIC

Next Post

Multi-cloud platforms delivers classification and specific technologies

Sienna Rowley

Sienna Rowley

Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

Related Posts

Google Chrome is Experimenting Tab Scrolling Feature
Software

Google Chrome is Experimenting Tab Scrolling Feature

February 13, 2021
CentOS Linux Alternative AlmaLinux Beta Is Out Now
Software

CentOS Linux Alternative AlmaLinux Beta Is Out Now

February 2, 2021
Signal App may Release These 8 WhatsApp-like Features in Future Updates
Software

Signal App May Release These 7 WhatsApp-like Features in Future Updates

January 27, 2021
The Chrome 88 Update Brings Enhanced Password Protection
Software

The Chrome 88 Update Brings Enhanced Password Protection

January 20, 2021
6 Simple Steps to Move WhatsApp Group To Signal
Software

6 Simple Steps to Move WhatsApp Group To Signal

January 13, 2021
Signal WhatsApp Alternative
Software

WhatsApp Alternative ‘Signal App’ Crashes Due to Surge in New Users

January 13, 2021
WhatsApp Vs Signal Vs Telegram Vs Messenger
Software

WhatsApp Vs Signal Vs Telegram Vs Messenger: What Data Does Each App Collect & Which One is Safe?

January 9, 2021
Red Hat is Acquiring StackRox a Container Security Company
Software

Red Hat is Acquiring StackRox a Container Security Company

January 8, 2021
WhatsApp Updates its ToS (Terms of Service): Accept or Lose Access
Software

WhatsApp Updates its TOS (Terms of Service)

January 6, 2021
Load More
Next Post
Multi-cloud platforms delivers classification and specific technologies

Multi-cloud platforms delivers classification and specific technologies

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

cheap linux hostingcheap linux hostingcheap linux hosting
ADVERTISEMENT

Follow Us

Trending News

Interxion Begins Construction of Third Data Center in Brussels, Belgium

Interxion Begins Construction of Third Data Center in Brussels, Belgium

March 8, 2021
Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

Google to Now Speed up Chrome’s Release Cycle to 4 Weeks

March 5, 2021
Best Web Hosting Companies in India

Top 10 Best Web Hosting Companies in India (2021)

March 5, 2021
Microsoft Announces Windows Server 2022 with New Security Features

Microsoft Announces Windows Server 2022 with New Security Features

March 3, 2021
IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

IBM has Appointed Kathryn Guarini as Chief Information Officer (CIO)

March 2, 2021
Cloud Host News

Find the best web hosting news, articles, reviews, tutorials, solution and latest videos related to cloud computing , hosting, security, Linux, domain & more.

Categories

  • Blockchain
  • Cloud
  • Data Centers
  • Games
  • Hardware
  • Hosting
  • Linux
  • Network/Internet
  • Press Release
  • Security
  • Software
  • Top 10
  • Windows

Search

No Result
View All Result

Pages

  • About Us
  • Contact Us
  • Deals & Coupons
  • Home
  • Privacy Policy
  • Terms & Conditions

© 2020 Cloudhostnews - Technology News Updates Cloudhostnews. Privacy Policy & Terms & Conditions

No Result
View All Result
  • Home
  • Hosting
  • Cloud
  • Network/Internet
  • Security
  • Linux
  • More
    • Big Data
    • Blockchain
    • Games
    • Hardware
    • Software
    • Windows
    • Press Release

© 2020 Cloudhostnews - Technology News Updates Cloudhostnews. Privacy Policy & Terms & Conditions

Login to your account below

Forgotten Password? Sign Up

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In