.png.8d9b97b629a8df34b4d57a1d8f8d3ee9.png){kind=logo}
About This File
Free Download latest version Breakdance - The New Platform For WordPress Website Creation nulled. Destiny Elements for Breakdance Website Builder with more than 25 premium elements to improve your workflow.
Breakdance | The Website Builder You Always Wanted
Create incredible WordPress websites in record time.
Easy To Use
120+ elements. Drag & drop editing. Building pages is easy with breakdance.
Full Site Editing
Design headers, footers, and templates with Breakdance. Theme optional.
WooCommerce Integration
Easily create high-converting stores that match your brand using innovative features.
Mega Menu Builder
Create complex dropdown menus with the Breakdance drag & drop visual editor.
Powerful Form Builder
Create contact, email subscribe, login, register, and custom forms inside Breakdance.
Performance & SEO
No bloat. Customizable HTML tags. SEO plugin compatibility.
Powerful Design Features
Everything you need to build beautiful websites. Innovative and powerful global styling controls.
Dynamic Data & Conditions
Link element content to your WordPress database. ACF & Toolset integrations.
Developer Friendly
Write PHP, HTML, CSS, and JS in Breakdance. Manage and edit CSS classes visually.
What's New in Version v1.7.1 NULLED See changelog
Released
Breakdance 1.7.1 Now Available – Security Update
Breakdance 1.7.1 is a security update that addresses a vulnerability reported to us by WordFence, disclosed to them by security researcher Francesco Carlucci.
The issue we have addressed is classed as an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability. In simpler terms, this means those who you granted permission to create and edit posts could put HTML or JS code in those posts, and that HTML or JS code would be output on the frontend of your site.
After being notified, we immediately began working with the WordFence team to come up with an ideal solution. The goal was to keep Breakdance’s expected functionality intact, while adding an extra layer of security for users who might be susceptible to this vulnerability.
The WordFence team proposed a fantastic solution which we vetted, approved, and implemented immediately once we were sure it would work. We submitted our implementation and they quickly confirmed that the changes eliminate the reported vulnerability.
How To Know If You Are Impacted
You must have done two things for you to be impacted:
1. You let non-administrators create or edit posts or custom fields
2. You then embed that data on the front-end of your site using Breakdance’s dynamic data capabilities
If you have done both of those things, a non-admin could insert HTML or JavaScript into the front-end of your site, which is a vulnerability and shouldn’t be permitted.
If you haven’t done both of those things, you aren’t impacted. If only administrators have the ability to create or edit posts and custom field data, or if you’re not using the dynamic data capabilities of Breakdance on the front-end of your site, this issue does not impact you.
Our Solution
In Breakdance 1.7.1, any dynamic data from users without the unfiltered_html capability will be filtered by default before it’s displayed on your site.
For those who need more control, we’ve included an option to bypass this filter in Breakdance’s settings under the Advanced tab. This allows you to maintain the functionality you need.
Other Notes
This specific issue is a great example of how the collaboration between software vendors and security researchers should be handled. WordFence (and Francesco) disclosed a real, valid vulnerability that could be impactful for some users. We worked with them to find a solution and implemented the solution.
We hope that more security researchers and security vendors look to teams like WordFence and people like Francesco as great examples of how to make a real, measurable difference in the WordPress security space.
A huge thank you goes out to Francesco Carlucci for bringing this to our attention. Their proactive approach to web security is exactly what helps keep the internet a safer place for everyone. As a token of our gratitude, we’ve rewarded Francesco with $500 for the responsible disclosure.
