Breakdance v2.0.0 - Website Builder for WordPress

[Arfiano MV]

View File

Breakdance - Website Builder for WordPress

---

Free Download latest version Breakdance - The New Platform For WordPress Website Creation nulled. Destiny Elements for Breakdance Website Builder with more than 25 premium elements to improve your workflow.

Breakdance | The Website Builder You Always Wanted

Create incredible WordPress websites in record time.
 

Easy To Use

120+ elements. Drag & drop editing. Building pages is easy with breakdance.
 

Full Site Editing

Design headers, footers, and templates with Breakdance. Theme optional.
 

WooCommerce Integration

Easily create high-converting stores that match your brand using innovative features.
 

Mega Menu Builder

Create complex dropdown menus with the Breakdance drag & drop visual editor.
 

Powerful Form Builder

Create contact, email subscribe, login, register, and custom forms inside Breakdance.
 

Performance & SEO

No bloat. Customizable HTML tags. SEO plugin compatibility.
 

Powerful Design Features

Everything you need to build beautiful websites. Innovative and powerful global styling controls.
 

Dynamic Data & Conditions

Link element content to your WordPress database. ACF & Toolset integrations.
 

Developer Friendly

Write PHP, HTML, CSS, and JS in Breakdance. Manage and edit CSS classes visually.

---

• Submitter
  Arfiano MV
• Submitted
  03/24/2024
• Category
  Plugins
• File Size
• Demo
  https://destiny.ie/

 

[Arfiano MV]

Breakdance 1.7.1 Now Available – Security Update

Breakdance 1.7.1 is a security update that addresses a vulnerability reported to us by WordFence, disclosed to them by security researcher Francesco Carlucci.

The issue we have addressed is classed as an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability. In simpler terms, this means those who you granted permission to create and edit posts could put HTML or JS code in those posts, and that HTML or JS code would be output on the frontend of your site.

After being notified, we immediately began working with the WordFence team to come up with an ideal solution. The goal was to keep Breakdance’s expected functionality intact, while adding an extra layer of security for users who might be susceptible to this vulnerability.

The WordFence team proposed a fantastic solution which we vetted, approved, and implemented immediately once we were sure it would work. We submitted our implementation and they quickly confirmed that the changes eliminate the reported vulnerability.

How To Know If You Are Impacted

You must have done two things for you to be impacted:
1. You let non-administrators create or edit posts or custom fields
2. You then embed that data on the front-end of your site using Breakdance’s dynamic data capabilities
If you have done both of those things, a non-admin could insert HTML or JavaScript into the front-end of your site, which is a vulnerability and shouldn’t be permitted.
If you haven’t done both of those things, you aren’t impacted. If only administrators have the ability to create or edit posts and custom field data, or if you’re not using the dynamic data capabilities of Breakdance on the front-end of your site, this issue does not impact you.

Our Solution

In Breakdance 1.7.1, any dynamic data from users without the unfiltered_html capability will be filtered by default before it’s displayed on your site.

For those who need more control, we’ve included an option to bypass this filter in Breakdance’s settings under the Advanced tab. This allows you to maintain the functionality you need.

Other Notes

This specific issue is a great example of how the collaboration between software vendors and security researchers should be handled. WordFence (and Francesco) disclosed a real, valid vulnerability that could be impactful for some users. We worked with them to find a solution and implemented the solution.

We hope that more security researchers and security vendors look to teams like WordFence and people like Francesco as great examples of how to make a real, measurable difference in the WordPress security space.

A huge thank you goes out to Francesco Carlucci for bringing this to our attention. Their proactive approach to web security is exactly what helps keep the internet a safer place for everyone. As a token of our gratitude, we’ve rewarded Francesco with $500 for the responsible disclosure.

[Arfiano MV]

Latest Updated.

Breakdance 1.7.2 Now Available – Security Update

Important – if you encounter issues after updating, you should:

• Go to WP Admin > Breakdance > Settings > Tools and click Migrate Meta
• Clear your cache with your server / host / cache plugin

Breakdance 1.7.2 is a security update that addresses a vulnerability reported to us by security researcher Francesco Carlucci.
The issue we have addressed is a privilege escalation vulnerability that would allow a user with “contributor” or higher permissions to escalate their privileges to an admin (CVE-2024-4605). This issue impacts anyone that has granted untrusted users Contributor+ access to their WordPress website. It does not affect you if you do not have Contributor+ users on your WordPress website. This issue can only be exploited by a Contributor+ user.
Here’s a quick breakdown of the timeline (UTC−04:00) for this disclosure & patch:

• May 6th, 6:16 AM: Francesco reported the vulnerability to us.
• May 6th, 6:24 AM: We responded and immediately began workshopping solutions with Francesco, vetting the options to find the most effective and secure route.
• May 7th, 12:55 AM: 1.7.2 was sent to Francesco for verification.
• May 7th, 11:36 AM: Francesco verified the fix. We then did final testing.
• May 7th, 7:30 PM: 1.7.2 released, patching this vulnerability.

[Arfiano MV]

Changelog Version 2.0.0 NULLED

• https://breakdance.com/v2/