On May 4, 2020, two vulnerabilities were discovered on the Page Builder by SiteOrigin plugin, a WordPress plugin actively installed on over 1,000,000 sites.
If an attacker can trick a site administrator to perform a planned action such as clicking a malicious link, this can potentially allow attackers to forge requests on behalf of that site administrator and execute malicious code in the admin’s browser. This is a critical security issue that could lead to full site takeover.
The plugin developer has since released an update with the patch for these vulnerabilities.
If you are using the Page Builder by SiteOrigin plugin, we recommend an immediate update to the latest version available. At the time of writing, that is version 2.10.16.
For more information please check the official public release.
If you have questions, don’t hesitate to contact our support team.