Catalin Ciobanu

Hello,

If you update to the latest version the problem should be fixed.

The patchstack report also got updated mentioning that the issue was solved.

https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-239-cross-site-scripting-xss-vulnerability

Hello,

We have release and update in which the issue was fixed.

To check for the latest updates please access WP-Admin -> Updates -> Dashboard -> Check Again and see if you have the latest versions installed.

Hi,

We released an update to fix the XSS issue. You can update the plugin to get the security fix.

The patchstack page got updated with the status of vulnerability: https://patchstack.com/database/vulnerability/colibri-page-builder/wordpress-colibri-page-builder-plugin-1-0-239-cross-site-scripting-xss-vulnerability?_a_id=110

Thank you, and we apologize for any inconvenience!

Hi?@polofilm,

We are currently conducting a thorough investigation into the issue.

Cross-site scripting is usually performed on websites where users are registered and have some sort of basic access or privileges, such as Contributors. You can try disabling user registration on your websites if it’s not something that you need. This can be done from your WP Admin Panel > Settings > General page, by unchecking the Membership option (Anyone can register).

Once we have more information, we’ll patch the issue and release an update.

Thank you, and we apologize for any inconvenience!