Bootstrap 4.3.1 & 3.4.1 released: Fixes XSS vulnerability affecting about 16% WP sites

Are you using a Bootstrap-powered theme or plugin? If so, consider updating Bootstrap to the latest version, 4.3.1 or 3.4.1.
The previous versions (4.3 and 3.4) were reported to have an XSS vulnerability (CVE-2019-8331) in the tooltip and popover plugins that compromises the website’s security.

As approximately 16% of the web uses Bootstrap for WordPress themes and plugins, it’s crucial to inform developers and website owners about this recent vulnerability and the security loophole it opens.

Bootstrap 4.3.1 & 3.4.1 released

“Earlier this week a developer reported an XSS issue similar to the data-target vulnerability that was fixed in v4.1.2 and v3.4.0: the data-template attribute for our tooltip and popover plugins lacked proper XSS sanitization of the HTML that can be passed into the attribute’s value.” – reported in the official blog post.

As soon as this security loophole was exposed by the Bootstrap Drupal project and development team, the maintainers wasted no time in releasing patches 4.3.1 and 3.4.1 on 15th Feb 2019, fixing the bug.

The patched Bootstrap versions 4.3.1 and 3.4.1 allow only whitelisted HTML elements in the data attribute, thanks to a new JS sanitizer that can be modified and customized.
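
The whitelist idea behind the fix, as an added example that is not Bootstrap's own sanitizer code: the filter below walks an already-parsed template tree and keeps only listed elements and attributes. The tag list, URL pattern, node shape and sample template are all constructed for illustration; the last line shows customizing the list by adding `table`.

```javascript
// Added illustration, not Bootstrap's source. Nodes are plain objects standing in for parsed elements.
const URI_ATTRS = new Set(["href", "src"]);
// Constructed pattern: http(s)/mailto, or a relative URL with no scheme.
const SAFE_URL = /^(?:https?:|mailto:|[^:]*(?:[/?#]|$))/i;
const ALLOW = { // constructed sample allowlist: tag -> permitted attributes
  "*": ["class", "id", "role", /^aria-[\w-]+$/],
  a: ["href", "title", "rel", "target"],
  img: ["src", "alt", "title"],
  div: [], span: [], p: [], b: [], i: [], h3: [], br: [],
};

function attrAllowed(tag, name, value, allow) {
  const rules = [...(allow["*"] || []), ...allow[tag]];
  const listed = rules.some((r) => (r instanceof RegExp ? r.test(name) : r === name));
  return listed && (!URI_ATTRS.has(name) || SAFE_URL.test(value)); // URLs need a safe scheme
}

function sanitizeTree(node, allow = ALLOW, removed = []) {
  if (typeof node === "string") return node; // text node, rendered as text
  const tag = node.tag.toLowerCase();
  // Own-property check so tags such as "constructor" never match by accident.
  if (tag === "*" || !Object.prototype.hasOwnProperty.call(allow, tag)) {
    removed.push(`<${tag}>`);
    return null; // unlisted element: drop it together with its subtree
  }
  const attrs = {};
  for (const [key, value] of Object.entries(node.attrs || {})) {
    const name = key.toLowerCase();
    if (attrAllowed(tag, name, String(value), allow)) attrs[name] = value;
    else removed.push(`${tag}[${name}]`);
  }
  const kids = (node.children || []).map((c) => sanitizeTree(c, allow, removed));
  return { tag, attrs, children: kids.filter((c) => c !== null) };
}

// Constructed sample template tree with markup that should not survive.
const SAMPLE = { tag: "div", attrs: { class: "tooltip", onclick: "constructed()" }, children: [
  { tag: "img", attrs: { src: "/icon.png", onerror: "constructed()" } },
  { tag: "a", attrs: { href: "javascript:constructed()", "aria-label": "more" }, children: ["more"] },
  { tag: "script", children: ["constructed()"] },
  { tag: "table", children: [] },
] };

function demo(allow = ALLOW) {
  const removed = [];
  return { clean: sanitizeTree(SAMPLE, allow, removed), removed };
}
console.log(demo().removed, demo({ ...ALLOW, table: [] }).removed);
```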

Earlier this week, we reported a critical bug in a popular social sharing plugin which could take down an entire WP site.

What to do?

If you’re using a Bootstrap-powered plugin or theme, it’s critical to ask its developers to work on the latest candidate and release an update as soon as possible.

To keep things on the safer side, we recommend using any of these best WordPress security plugins.

Comment below with the name of the affected plugin or theme you’re using, and do share this info within your WordPress community.

Critical Bug in Popular WP Plugin can take over Entire Website

The Simple Social Buttons plugin was reported to have a major bug that can compromise the entire WordPress website by allowing hackers to gain unauthorized access to the backend.

A security researcher and developer at WebARX, Luka Šikić, discovered this major bug in the plugin developed by WPBrigade.

What does this plugin do?

Simple Social Buttons is a popular plugin available in both free and paid versions which adds social media sharing buttons at the sidebar, inline, above or below the post. It also adds these buttons on pictures, popups, and fly-ins.

Plugin Vulnerability

According to the researcher, a hacker who can register on your website for adding comments or sharing your posts to other social platforms can easily exploit this vulnerability to plant backdoors for taking over admin accounts for further unauthorized access.

Luka Šikić discovered this security vulnerability last week and reported the problem to the plugin’s developer, WPBrigade. The developer wasted no time in releasing a security patch for the plugin.

Luka Šikić also posted a demo on YouTube to show the severe consequences of the plugin’s vulnerabilities.

Update The Plugin – ASAP!

Update this plugin immediately to the newer version, i.e., 2.0.22.

WordPress plugins certainly help extend the functionality of an otherwise easy-to-use CMS, but they also come with their own set of vulnerabilities.

If you’ve been using WordPress CMS for a while, this isn’t something new to you.

In addition, the researchers at Sucuri and MalwareBytes claim that hackers are exploiting vulnerabilities in outdated themes and plugins. And the outdated Simple Social Buttons plugin is on top of their list.

According to the stats on WordPress.org, the free version of this plugin is currently installed on more than 40,000 WordPress sites, making them vulnerable to this severe security bug. 

Thus, the website owners who have this plugin installed must update it as quickly as possible.

To learn all about automating the security of your WordPress site, read about these best WordPress security plugins.

Sharing is caring

Do share this WP plugin news with your WP community members. Stay tuned to Breeze.io blog for everything related to WordPress.

How to Access SSH/SFTP through Breeze.io?

SFTP (SSH File Transfer Protocol) protects against password sniffing and hacker/botnet attacks.

Also, it protects the data integrity through encryption and cryptographic hash functions.

In a nutshell:

SSH/SFTP play an important role in maintaining website security.

Now, accessing SSH/SFTP through Breeze Panel is a hassle-free task that can be done in just a few clicks. Let’s learn how.

Accessing SSH/SFTP on Breeze

1. Accessing SSH through Breeze Dashboard

1.1 Using Linux

1.2 Using PuTTY (Windows)

2. Accessing SFTP from Breeze.io using FileZilla

1. Accessing SSH through Breeze Dashboard

Breeze allows accessing SSH on both Windows and Linux.

Here’re the quick steps for both:

1.1 Using Linux

1. Access your Breeze.io panel by entering your email/username and password.

2. Click on the website name whose Shell you want to access, or simply click on “Manage” in front of the site name.

3. On the Overview page, you can see a section called “SSH/SFTP Logins”. Here you can see (and copy) the SSH/SFTP username and password for your website.

4. Now, open the Linux CLI and type the following line of code:

ssh <username>@<ipaddress> -p <port>

Note: Use the SSH username and Port from SSH/SFTP Logins section. You can see IP address from Basic Detail section on Overview page.

5. When you press Enter, you will be asked whether you want to continue connecting. Type “yes” and press Enter.

6. You will be asked for your password. Go to the Overview page on the Breeze dashboard, and get your SSH password.

7. Type your password on the Linux CLI and press Enter.

8. Now you can successfully access your website’s Secure Shell.

1.2 Using PuTTY (Windows)

For accessing SSH on Windows, you need to install software called ‘PuTTY’.

1. Download PuTTY, if it is not already installed on your device. Install and run PuTTY. Then follow the given steps to access SSH through it.

2. Once it is installed, open PuTTY; you will see the PuTTY Configuration box.

3. Enter the IP address and Port in their respective fields, and choose SSH as the Connection type.

Refer to the image below for a better understanding. (IP address and Port are blurred for Privacy concerns).

4. Click “Open“.

5. You will be taken to the PuTTY (Windows) CLI. Type your SSH username followed by this line of code:

<username>@ipaddress <password>

6. Press Enter. You will now be able to access SSH.

2. Accessing SFTP through Breeze using FileZilla

Here’s what you need to do:

1. The first step would be to download FileZilla on your device, if it’s not there already.

2. Open FileZilla and, in the top bar, fill in the following details:

  • IP address (sftp://yourIPaddress)
  • Username
  • Password
  • Port

3. Click “Quick Connect“.

4. As you connect, you can access SFTP through FileZilla. Here’s an example:

Note: In case you’re facing any issue in accessing SSH or SFTP through the Breeze.io dashboard, please comment your query below, or talk to us directly. 🙂

How to Access MySQL through CLI and PHPMyAdmin in Breeze?

Breeze.io offers a user-friendly and quite intuitive platform for its customers. You can easily access MySQL in the Breeze panel through both the CLI and PHPMyAdmin.

Navigate through two given sections:

1. Accessing MySQL from PHPMyAdmin

2. Accessing MySQL through CLI

Accessing MySQL from PHPMyAdmin

1. The first step is to log in to your Breeze.io dashboard with your credentials (username and password).

2. On the dashboard, locate your desired website name and click the “Manage” button in front of it.

3. Now, you’ll land on the Overview page.

4. Scroll the page and you will see your Database logins for that particular site.

5. Just copy your username and password from there (Click to copy).

6. Click on the “Open MySQL Editor” button located just beside it.

7. You will be taken to the next page; it looks like this:

8. Now paste your credentials (username and password) that you just copied.

9. Click on “Go”, and you’ll successfully access your MySQL database through PHPMyAdmin.

Accessing MySQL through CLI

1. For accessing MySQL through CLI, you will have to access SSH first.

2. Once you’re done, just type this line of code on your CLI screen:

3. Press Enter.

Need further assistance? Comment your question below and our team will get back to you soon. 😊

How To Fix ERR_TOO_MANY_REDIRECTS On Breeze.io?

ERR_TOO_MANY_REDIRECTS, also referred to as a redirect loop, is a common problem. However, its solution is not always so easy.

Yes, you can adjust the URL settings for your site, but sometimes it won’t help.

Multiple redirects usually happen because your domain address/URL points to too many places, or not to the right one. This can send your website into an infinite redirection loop.

Different browsers report this error to their users differently. Let’s see some variations of this error on different browsers.

1. Google Chrome

Google Chrome shows this error by saying that the domain you’re searching for has redirected you too many times.

2. Mozilla Firefox

Mozilla Firefox says, “The page isn’t redirecting properly”. Here’s an example:

3. Microsoft Edge

Microsoft Edge doesn’t state the multiple-redirect issue directly. It says that it can’t reach the page you’re looking for:

In a nutshell, having err_too_many_redirects can be frustrating. But having a website on breeze.io can put your mind at ease.

Fixing ERR_TOO_MANY_REDIRECTS through Breeze Dashboard

1. Remove Really Simple SSL

Breeze.io offers its own SSL to the websites hosted on it. Really Simple SSL can cause issues and may also lead to multiple redirects.

If you don’t want to fully delete Really Simple SSL, you can simply remove the rules and deactivate it.

2. Redirect your site from HTTP to HTTPS

The second step is to redirect your site to https.

HTTPS means secured HTTP. It’s beneficial not just for multiple redirect issues but also for your customers’ safety.

Here’s our separate KB on How to move from HTTP to HTTPS on Breeze.

3. Flush Cache and Refresh

Clearing the cache ensures that everything previously saved in the server memory is gone, so the new changes are stored from a fresh start.

Flushing cache is important to show the users the latest version of your site with the latest modifications.

Read: How to Clear cache on Breeze.io panel.

After following all these three steps, reload your website, and you won’t face any redirection issue.

P.S. In case you need further assistance from our engineers, feel free to comment your query below or contact us.