Wpbakery

Posted on  by 



WPBakery Page Builder is a page builder plugin for WordPress which allows you to create stunning website content with simple drag and drop. With WPBakery Page Builder you can create and manage your WordPress content in minutes. WPBakery - pushing WordPress limits is our job. WPBakery is a team of highly talented and experienced professionals who have delivered to you one of the most popular WordPress plugin of all times – WPBakery Page Builder for WordPress with Frontend and Backend editors.

Wpbakery

The Best Counter WPBakery plugin Embedding a Counter app onto your WPBakery site has never been easier. POWR, the leading website plugin library, has a free WPBakery Counter template that is designed to work flawlessly on WPBakery. Create your customized Counter WPBakery app, match your website's style and colors, and add a Counter to your.

WPBakery Page Builder Free Download – WPBakery Page Builder, formerly known as Visual Composer, is the best-selling and most popular drag and drop page builder plugin for WordPress. You can build any type of layout quickly without wasting time with the coding stuff. WPBakery supports two kinds of page editors – Frontend and Backend editor. You can switch between them at any time. I prefer the Backend editor because it is easy to use than the frontend editor. WPBakery page builder has 50+ ready-to-use design elements. Using those elements, you can start building the WordPress page layout within a few minutes. It has almost all the content elements that any WordPress site owner needs to design a beautiful page layout. If you don’t have time to build your website from scratch, then WPBakery Page Builder also has 100+ professionally designed beautiful-looking templates for almost all types of sites. You can import and use them on your website to save time.

WPBakery Page Builder plugin also has the support of many popular third-party plugins like Yoast SEO, Contact Form 7, Revolution Slider, Ninja Forms, etc. WPBakery Page Builder doesn’t affect your site performance; it includes only the JavaScript files on the pages. It can work with any WordPress theme of your choice. If you are a blogger, then with WPBakery Page Builder, you can display your posts or portfolio most stylishly. It supports a most advanced Grid Builder with 40+ pre-made grid element styles and many grid options. Overall, WPBakery Page Builder is recommended for those WordPress site owners who don’t have knowledge of coding languages.

Alternative Plugin: Elementor Pro Latest Version WordPress Page Builder Plugin

Main Features of WPBakery Page Builder Plugin for WordPress

  • Inline frontend editor
  • Backend editor also supported
  • Award-winning page builder
  • Very flexible – can work with almost all themes
  • Ready to import Professionally designed templates
  • 50+ design elements out of the box
  • Allow creating own re-usable templates
  • 250+ unique addons support
  • Loads very fast
  • Multiple color options
  • Padding options
  • Mobile responsive content elements
  • Cross-browser support
  • Most Advanced Grid Layout Builder
  • Compatible with Yoast SEO plugin
  • Custom post type support
  • Custom CSS support
  • Shortcode Mapper
  • Google fonts integration
  • Parallax background
  • Image filters for media

Live Demo/Preview of WPBakery Page Builder for WordPress v6.6.0

Wpbakery

What’s New in WPBakery Page Builder v6.6.0 (Changelog)

Wpbakery Zip

  • New: prettyPhoto removed and Lightbox2 added to the plugin (prettyPhoto will stay for backward compatibility).
  • New: Call to Action element allows to align titles and select tags.
  • New: FlexSlider updated to 2.7.2 version and RTL support improved in WooCommerce products.
  • Update: $post variable added to the grid items filter ‘vc_gitem_post_data_get_link_real_title’.
  • Update: Catalan translation added.
  • Fix: Frontend editor initialization works properly.
  • Fix: Drag and drop for section element works properly in the backend editor.
  • Fix: WPBakery button in the Gutenberg editor works properly.
  • Fix: Request element parameters are passed properly in the edit form.
  • And some other small improvements and bug fixes.

Free Download WPBakery Page Builder v6.6.0 (Latest Version) – WordPress Plugin

Mediafire Link:

http://www.mediafire.com/file/2l6q5ovpj0dwd9i/WPBakery-Page-Builder-v6.6.0.zip

4shared Link:

https://www.4shared.com/zip/rI1ODC2Hea/WPBakery-Page-Builder-v660.html

Recommended Plugin: Yoast SEO Premium – Best SEO Plugin

Recommended Theme: Newspaper Theme Free Download

This entry was posted in Research, Vulnerabilities, WordPress Security on April 21, 2021 by Chloe Chamberland4 Replies

Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site.

In addition to the actively exploited flaw, we discovered several vulnerable endpoints that could allow attackers to do a wide range of things like deleting arbitrary files and injecting malicious Javascript. Due to the fact that this plugin has been closed and the plugin developer has been unresponsive, we urge you to remove this plugin completely from your WordPress site immediately. We have identified several vulnerabilities in this plugin which could allow unauthenticated attackers the ability to take over vulnerable WordPress sites, and numerous other vulnerabilities with lesser impacts.

Wordfence Premium customers received firewall rules this morning, on April 21, 2021, to protect against active exploitation of these vulnerabilities. Wordfence users still using the free version will receive the same protection on May 21, 2021.

Description: Arbitrary File Upload/Deletion and Other
Affected Plugin: Kaswara Modern WPBakery Page Builder Addons
Plugin Slug: kaswara
Affected Versions: <= 3.0.1
CVE ID:CVE-2021-24284
CVSS Score: 10.0 (Critical)
CVSS Vector:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Fully Patched Version: NO AVAILABLE PATCH.

At this time, we are releasing minimal details due to this being an actively exploited vulnerability with no available patch. We may decide to release more details in the future, but in the meantime we recommend you take appropriate measures to secure your site.

Indicators of Compromise

Wpbakery Gpl

At this time, we have limited indicators of compromise. However, based on the functionality of the vulnerability we recommend checking the /wp-content/uploads/kaswara/ directory and all subdirectories for any PHP files. If you find a PHP file in this directory, you can assume that your site has been compromised and you should trigger the site cleaning process that is outlined here.

The following files being found on infected sites (special thanks to Salvador Aguilar and WPScan for reporting these findings):

  • /wp-content/uploads/kaswara/icons/kntl/img.php
  • /wp-content/uploads/kaswara/fonts_icon/15/icons.php
  • /wp-content/uploads/kaswara/icons/brt/t.php
  • /wp-content/uploads/kaswara/fonts_icon/jg4/coder.php

We will update this section as we learn more.

Response timeline

April 21, 2021 2:22 PM UTC – New vulnerability entry in WPScan reporting 0-day vulnerability in the Modern WPBakery Page Builder Addons plugin. Wordfence Threat Intelligence is alerted to the new vulnerability report and begins to triage the vulnerability immediately.
April 21, 2021 2:57 PM UTC – We verify the existence of the vulnerability and create a proof of concept.
April 21, 2021 3:00 PM UTC – We create and begin testing a firewall rule to protect against the vulnerability.
April 21, 2021 3:08 PM UTC – We discover additional vulnerable endpoints and tailor the WAF rule to provide protection against these additional vulnerabilities. Testing continues on WAF rule.
April 21, 2021 3:48 PM UTC – The first firewall rule is deployed to premium users.
April 21, 2021 4:14 PM UTC – We create and begin testing a second firewall rule to protect against additional vulnerabilities found in the plugin.
April 21, 2021 4:26 PM UTC – The second firewall rule is deployed to premium users.
May 21, 2021 – Wordfence Free users receive the firewall rules.

Conclusion

In today’s post, we detailed a zero-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a plugin containing numerous vulnerabilities unauthenticated attackers can use to upload malicious files, among many other flaws. This can be used to completely take over a WordPress site. These vulnerabilities currently remain unpatched as of this morning and, therefore, we strongly recommend deactivating and removing the plugin until a patch has been released. Due to the developer’s unresponsiveness, a patch may not be released, in which case we recommend finding a reasonable replacement that is being actively maintained by its developer.

Wordfence Premium customers received firewall rules on April 21, 2021 to protect against the active exploitation of this vulnerability and the additional vulnerabilities we discovered. Wordfence users still using the free version will receive the same protection on May 21, 2021.

Please forward and share this post widely so that those WordPress site owners using this vulnerable plugin can take fast action to protect their sites as this zero-day vulnerability is currently being exploited in the wild.

Special thanks to Ramuel Gall, Wordfence Threat Analyst and QA Engineer, for his research pertaining to the vulnerability and his assistance in getting a firewall rule out quickly to our customers.





Coments are closed