A vulnerability was reported to us by well-recognised WordPress security expert Calvin Alkan and Snicco.
We have worked round the clock with him to get this sorted and have just released a verified patch.
As far as we are aware, nobody has exploited the vulnerability but we strongly recommend you update immediately all your sites to the latest update 1.4.0.3, as a one-click update from your WordPress installation or directly from your Cwicly dashboard.
Please make sure to backup your installation and to regenerate your blocks HTML from the Cwicly Settings on your installation.
Keeping Cwicly and your websites secure is our top priority, we will always react immediately if there is the least suspicion of any vulnerability.
Thanks for your ongoing support, and thanks to Calvin Alkan for his help and recommendations.
Thanks for your effort Louis! It’s the response to issues such as these that I look for when choosing my stack. It takes precedence over features and pricing.
I don’t believe they are related. This exploit requires you to have a contributor+ role. More details will be shared in the coming week: Remote Code Execution – Cwicly – snicco
I do not understand exactly what this means. Would you please explain?
Do i have to reset the TW Breakpoints first? If doing so i have a new “Base” plus the “sm”. Do i need to do something in the Cwicly Settings with the new “Exchange Breakpoint” Feature? Or just set the “sm” to “base” in the Breakpoint settings like show in the Screenshot?
I’m sorry to hear you’ve experienced trouble after regenerating your Blocks HTML.
To investigate further, could you possibly provide temporary access?
If this is possible, for security and privacy reasons, kindly send the details using our paste website, by sharing the link generated through email to support@cwicly.com.
It is possible that some classes/styles were added directly to the sm breakpoint, in which case you can manually move these to the base breakpoint and that should solve any issues in most cases.
If you were using Tailwind default breakpoints before the update just click Reset to Tailwind breakpoints. Then your Base will below all your breakpoints as it should.