Skip to main content

Update WordPress Pagebuilder Plugin To Avoid Potential Hack

By May 25, 2020May 5th, 2022Cybersecurity

Do you use SiteOrigin’s Pagebuilder plugin for WordPress? If so, you’ve got plenty of company.

The intuitive, widget-based plugin has been installed more than a million times and is used by webmasters all over the world to create responsive grid pages for websites.

Unfortunately, a pair of security flaws in the plugin’s code recently came to light that would allow hackers to inject malicious code into the plugin and use it to take complete control over your site.

The good news is that SiteOrigin responded quickly to the discovery and has already issued a patch to fix both of those issues.

The bad news: As of this moment, only about 200,000 webmasters have installed the update, which leaves nearly 800,000 websites vulnerable to the hacks.

Many security flaws are found and fixed before there’s any evidence that hackers are using them in the wild. In this case there’s evidence that hackers are actively employing both of these exploits in ongoing campaigns. So if you haven’t been good about keeping your plugins up to date, you’re probably at risk, and given the fact of an ongoing campaign, it’s just a matter of time before the hackers find you.

The latest version is 2.10.16, and it’s well worth your time to take a few minutes to log into your Admin panel just to make sure you’re using the latest. If not, update the plugin to be sure you’re protected. Not only will it give you peace of mind, it will secure your data, and the data belonging to your customers. That will keep you from being just another statistic as you fall prey to the hackers who are exploiting this weakness.

Kudos to SiteOrigins for their quick response, and to the sharp-eyed researchers who initially found the flaw.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.