WPBakery Security Issue and patch or update

I just recieved this notification from WordFence. When will you be issuing an update so that your users who have installed this can get the patch ? In the interim people can make sure they do not have any unknown contributor or author user accounts on their WordPress site and if so, delete them.

… Cross-Site Scripting vulnerability discovered in the WPBakery plugin which is installed on over 4 million sites. This vulnerability has been fully patched in version 4.6.1.

[The official Wordfence blog has full details, as well as what you need to do in order to protect your site from this vulnerability.] https://www.wordfence.com/blog/2020/10/vulnerability-exposes-over-4-million-sites-using-wpbakery

Hello @GeorgiaG,

Thank you for the information. Our developers are currently testing for conflict and incompatibility issues between the WPBakery and the theme. Once they are done the testing, it should be available soon thereafter.

Please bear with us.

My Plugins page show there it’s new version 4.6.1 but even I got license validate there it’s no option to update and time running. Did you know when this can be solved?

Hi @clinic,

Can you please specify about which plugin you are talking about. I would like suggest you to verify the plugin verions with our version compatibility page to check the updated and supported version of extensions.

Thanks

Hi

I mean WPBakery plugin, there it’s vulnerability discovered, and I can update to 4.6 but there it’s another update to 4.6.1 which solve probably this problem, and I can’t update to that version.

Hi @clinic,

The updated version of the WP Bakery plugin comes with the theme is 6.4.0. If any new version is released by the plugin author, it will be added after the compatibility test before releasing it with the theme bundle.
I would suggest you stick with the version that the theme provides and verify the supported version at our version compatibility page.

Thanks

Just dropping in here, same issue as @clinic.

WP Bakery has released 6.4.1, because 6.4.0 has a serious vulnerability. But X theme still only allows updates up to 6.4.0. You need to fix that immediately.

@tristup it’s that what I mean

Hello @Inproma,

Thanks for writing to us.

We are sorry for your inconvenience. Our development team is currently testing for conflict and incompatibility issues between the WPBakery and the theme. Once they are done the testing, the WPBakery plugin would be available to upgrade.
Please bear with us.
Thanks

This is a critical security update that we need to have available. Please have the dev team place this at the urgent level of importance so we may address this security alert vulnerability - we have many client’s who’s websites are now displaying critical security alerts!

Hey There,

The new version is scheduled to be released today and will be available via automatic updates.

@rubin
Good morning. Was the update released yesterday? When I attempt to update WPBakery in our X theme I get an error that the package is not available.

We look forward to hearing from you.

Hello @Gagnon

You can update the WPBakery plugin from the installed plugin list.

1. Go to your Dashboard —>Plugins
2. Find the WPBakery plugin and click on Update

Please have a look at the given screenshot below

Plugins-‹-Barber-Site-—-WordPress1104×210 56.1 KB

If it doesn’t work for you then deactivate and delete the WPBakery plugin and after that reinstall the plugin from X/Pro–>Validation

Thanks

@prakash_s
Thanks so much. It worked like a charm.
Thanks for the quick response. Much appreciated.

Yor are welcome @Gagnon

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.