Vulnerability Discovered in Page Builder by SiteOrigin < 2.10.16
https://www.wordfence.comPage Builder by SiteOrigin WordPress plugin has 1 million + active installations and is a popular page builder plugin for WordPress. In versions prior to 2.10.16, there is a vulnerability that allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser. The attacker needs to trick a site administrator into executing an action, like clicking a link or an attachment, for the attack to succeed.
The issue has been fixed in Version 2.10.16 which is available now from the WordPress Plugin Repo.