Vulnerabilities detected in WPBakery, The WordPress Page Builder.

Defiant Inc, developers of the popular WordFence security plugin for WordPress has reported a cross-site scripting vulnerability with the WPBakery page building plugin for WordPress. The plugin is installed on over four million websites.

WPBakery is currently installed on over 4.3 million websites and one of most popular page building plugins.


The Issue

According to the WordFence blog, the flaw made it possible for authenticated attackers with contributor-level or above permissions to inject malicious JavaScript in posts.


The Resolution

All WordPress users or site owners need to upgrade to the latest version of WPBakery (at the time of writing this is 6.4.1)

The latest version is available at CodeCanyon.