Security patch: Please update to 1.4.0.3

Announcements
1

Hello everyone,

A vulnerability was reported to us by well-recognised WordPress security expert Calvin Alkan and Snicco.

We have worked round the clock with him to get this sorted and have just released a verified patch.

As far as we are aware, nobody has exploited the vulnerability but we strongly recommend you update immediately all your sites to the latest update 1.4.0.3, as a one-click update from your WordPress installation or directly from your Cwicly dashboard.

Please make sure to backup your installation and to regenerate your blocks HTML from the Cwicly Settings on your installation.

Keeping Cwicly and your websites secure is our top priority, we will always react immediately if there is the least suspicion of any vulnerability.

Thanks for your ongoing support, and thanks to Calvin Alkan for his help and recommendations.

Cheers,

Louis-Alexander

3

Is this vulnerability related to the one Bricks Builder just patched at all?

4

Thanks for your effort Louis! It’s the response to issues such as these that I look for when choosing my stack. It takes precedence over features and pricing.

5

I don’t believe they are related. This exploit requires you to have a contributor+ role. More details will be shared in the coming week: Remote Code Execution – Cwicly – snicco

6

Thanks! Doesn’t sound quite as bad as that one was.

I had forgotten to update one Bricks microsite and it was already compromised and slamming the server with cron jobs yesterday.

Needless to say, double-checked that I updated all my Cwicly sites this time.

7

I do not understand exactly what this means. Would you please explain?
Do i have to reset the TW Breakpoints first? If doing so i have a new “Base” plus the “sm”. Do i need to do something in the Cwicly Settings with the new “Exchange Breakpoint” Feature? Or just set the “sm” to “base” in the Breakpoint settings like show in the Screenshot?

CleanShot 2024-02-15 at 17.51.10@2x
CleanShot 2024-02-15 at 17.51.10@2x642Ă—702 49.2 KB

8

regenerate Blocks HTML

Now my website is messed up. :frowning:

9

Hi @michelyweb,

I’m sorry to hear you’ve experienced trouble after regenerating your Blocks HTML.

To investigate further, could you possibly provide temporary access?

If this is possible, for security and privacy reasons, kindly send the details using our paste website, by sharing the link generated through email to support@cwicly.com.

Please follow these steps:

  • Visit our designated paste website: https://paste.cwicly.com/
  • Input your installation details into the provided text field.
  • After entering the information, the website will generate a unique link for your submission.
  • Share this generated link with us through email.

Thank you in advance.

10

No, this doesn’t work with Tailwind classes.

You shouldn’t need to do this.

It is possible that some classes/styles were added directly to the sm breakpoint, in which case you can manually move these to the base breakpoint and that should solve any issues in most cases.

11

If you were using Tailwind default breakpoints before the update just click Reset to Tailwind breakpoints. Then your Base will below all your breakpoints as it should.

Screenshot 2024-02-15 at 16.44.45
Screenshot 2024-02-15 at 16.44.45882Ă—796 45.6 KB

If you see your styles missing on Base then they will be on sm. Transfer sm styles to your Base with the new transfer tool in Cwicly settings.

Screenshot 2024-02-15 at 17.56.36
Screenshot 2024-02-15 at 17.56.361562Ă—1108 73.8 KB

That should sort it.

2 Likes