WordPress WPBakery vulnerability exposes over 4 million web sites
In the first instance, we highly recommend updating to the latest version, 6.4.1 as of today (8 October 2020), immediately. While doing so, we also recommend verifying that you do not have any untrusted contributor or author user accounts on your WordPress site.
What is WPBakery?
WPBakery Page Builder is the most popular page builder for WordPress. It is a very easy to use tool that allows site owners to create custom pages using drag-and-drop tools. It is commonly packaged up with pre-built themes too, so you may not be aware that you use it.
What is the flaw?
How can I protect myself from this in the future?
We recommend using dual account control. Dual account control uses two accounts for any user that may require administrative capability. This can be done by using one user account with administrative capabilities for admin-related tasks like adding new users and plugins and another user account with editor capabilities used to review and approve author and contributor posts.
I need more help…
If you’re hosted with us, we manage your web site and you had the plugin – we will have already updated your site to protect it. If you’re not with us and would like us to resolve your concerns, please contact us.
This page is supported by third-party advertising…