• The default language of any content posted is English.
    Do not create multi-accounts, you will be blocked!
  • Information: Safety & Support
    Resources here are generally safe, but false positives may occur on Virustotal due to certain coding techniques. Exercise caution and test before use.
    Consider buying licenses to support developers. Your security is our priority.
Breakdance

Breakdance 2.1.0 NULLED

  • Like
Reactions: WPro and krypti

Breakdance 1.7.2 Now Available – Security Update​


Important – if you encounter issues after updating, you should:
  • Go to WP Admin > Breakdance > Settings > Tools and click Migrate Meta
  • Clear your cache with your server / host / cache plugin


Breakdance 1.7.2 is a security update that addresses a vulnerability reported to us by security researcher Francesco Carlucci.
The issue we have addressed is a privilege escalation vulnerability that would allow a user with “contributor” or higher permissions to escalate their privileges to an admin (CVE-2024-4605). This issue impacts anyone that has granted untrusted users Contributor+ access to their WordPress website. It does not affect you if you do not have Contributor+ users on your WordPress website. This issue can only be exploited by a Contributor+ user.
Here’s a quick breakdown of the timeline (UTC−04:00) for this disclosure & patch:
  • May 6th, 6:16 AM: Francesco reported the vulnerability to us.
  • May 6th, 6:24 AM: We responded and immediately began workshopping solutions with Francesco, vetting the options to find the most effective and secure route.
  • May 7th, 12:55 AM: 1.7.2 was sent to Francesco for verification.
  • May 7th, 11:36 AM: Francesco verified the fix. We then did final testing.
  • May 7th, 7:30 PM: 1.7.2 released, patching this vulnerability.

Breakdance 1.7.1 Now Available – Security Update​

Breakdance 1.7.1 is a security update that addresses a vulnerability reported to us by WordFence, disclosed to them by security researcher Francesco Carlucci.

The issue we have addressed is classed as an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability. In simpler terms, this means those who you granted permission to create and edit posts could put HTML or JS code in those posts, and that HTML or JS code would be output on the frontend of your site.

After being notified, we immediately began working with the WordFence team to come up with an ideal solution. The goal was to keep Breakdance’s expected functionality intact, while adding an extra layer of security for users who might be susceptible to this vulnerability.

The WordFence team proposed a fantastic solution which we vetted, approved, and implemented immediately once we were sure it would work. We submitted our implementation and they quickly confirmed that the changes eliminate the reported vulnerability.

How To Know If You Are Impacted​

You must have done two things for you to be impacted:
1. You let non-administrators create or edit posts or custom fields
2. You then embed that data on the front-end of your site using Breakdance’s dynamic data capabilities
If you have done both of those things, a non-admin could insert HTML or JavaScript into the front-end of your site, which is a vulnerability and shouldn’t be permitted.
If you haven’t done both of those things, you aren’t impacted. If only administrators have the ability to create or edit posts and custom field data, or if you’re not using the dynamic data capabilities of Breakdance on the front-end of your site, this issue does not impact you.

Our Solution​

In Breakdance 1.7.1, any dynamic data from users without the unfiltered_html capability will be filtered by default before it’s displayed on your site.

For those who need more control, we’ve included an option to bypass this filter in Breakdance’s settings under the Advanced tab. This allows you to maintain the functionality you need.

Other Notes​

This specific issue is a great example of how the collaboration between software vendors and security researchers should be handled. WordFence (and Francesco) disclosed a real, valid vulnerability that could be impactful for some users. We worked with them to find a solution and implemented the solution.

We hope that more security researchers and security vendors look to teams like WordFence and people like Francesco as great examples of how to make a real, measurable difference in the WordPress security space.

A huge thank you goes out to Francesco Carlucci for bringing this to our attention. Their proactive approach to web security is exactly what helps keep the internet a safer place for everyone. As a token of our gratitude, we’ve rewarded Francesco with $500 for the responsible disclosure.
  • Like
Reactions: MarkDragon
Breakdance 1.7 includes a number of important new features, and a large number of tweaks, enhancements, and general quality of life updates.

We’re very excited to announce that the first beta of Breakdance 1.7 is now available for testing. You can find the beta download in the customer portal.

Read on to find out more about what’s in store in Breakdance 1.7!

Build Massive WooCommerce Stores with Breakdance​

New in 1.7, we’ve heavily optimized Breakdance to operate on WooCommerce stores with enormous product inventories and extremely large taxonomy term counts. Stores with huge numbers of products or those dealing with a large number of category and tag combinations can now operate smoothly without any performance hiccups. This is achieved through improved data handling and query optimization, ensuring that large-scale operations do not compromise the site’s speed and user experience.

This makes Breakdance an ideal solution for high-volume online retailers seeking a robust and reliable e-commerce platform. Looking ahead, this update positions Breakdance not just as a tool for current needs but as a future-proof solution for expanding online stores. As businesses grow and diversify their offerings, Breakdance will continue to provide a stable and efficient platform, adaptable to evolving market demands and customer expectations. Our commitment to scalability and performance makes Breakdance a valuable asset for ambitious WooCommerce store owners aiming to scale their operations seamlessly.

Introducing The Template Marketplace​

A screenshot of the template marketplace at breakdance.com/templates


We’re super excited to foster a rich ecosystem around Breakdance. One of the first steps toward that is the new Template Marketplace, which is launching alongside the first beta of Breakdance 1.7.

The Template Marketplace is a complete list of community-created and native templates available for use via Breakdance’s design library.

You can browse the list of templates and find beautiful designs to propel your site to the next level instantly.

To further enable the distribution and sale of third-party templates, we’ve introduced a few enhancements to our design library features.

Hide The “Copy Section” Button​

On sites designated as design sets, visitors are presented with a convenient “copy section” button while browsing the site on the front-end.

For premium template sellers, this needs to be hidden for any users who haven’t already paid for the design.

In Breakdance 1.7, we’ve made this button optional and disabled by default.

Password Protect Your Design Sets​

Previously, it was difficult to protect premium design sets from non-paying customers.

In Breakdance 1.7, you can password protect access to your design sets easily.

The password you designate can then be distributed to paying customers via your sales platform or other means.

Add Alternate & Static Items In Repeater Layouts​

A screenshot showing the Breakdance builder controls for adding alternate and static blocks to Repeater element layouts


Breakdance features stellar support for repeatable content from plugins like Advanced Custom Fields and Meta Box via its Repeater element.

In Breakdance 1.7, you can now designate alternate Global Blocks and even static content to be shown interstitially within your Repeater element, enabling a vast array of creative and effective layouts.

Edit Rich Text Your Way​

Image of a TinyMCE rich text editor


In Breakdance 1.7, we’ve introduced the ability to edit Rich Text elements with the TinyMCE editor.

This feature was highly demanded and provides an incredible amount of flexibility when authoring rich text content in Breakdance.

Developer API For Global Settings​

A screenshot of a code example related to the new Global Settings API for Breakdance


Developers rejoice! You can now add your own Global Settings to Breakdance’s Global Settings areas via our new Global Settings API.

You can learn more about the API and view examples at https://breakdance.com/documentation/developers/global-settings-api/.

Polish & Fixes​

  • Custom design sets are now listed by name instead of URL
  • Adjusted the width of the design library modal
  • Design Library now remembers the last used provider
  • It is now possible to filter design sets by name
  • Code editor instances now wrap lines by default
  • Made performance improvements for sites with large numbers of posts, products, tags, etc…
  • Template Content Area now uses “main” tag by default and allows different tag choices
  • Typography presets are now sorted alphabetically
  • Header Builder now supports “aside” and “nav” tags
  • Hashlinks now work with sticky/entrance animations
  • Added center/center positioning for Image Hover Card captions
  • Improved semantics by removing use of footer tag from the Form Builder
  • Fixed responsive text field for Social Share Buttons
  • Fixed number typography for Simple Counter
  • Exposed new formValues variable for Form Builder JS action
  • Fixed issue with the Form Builder breaking in certain instances after clearing settings in “advanced” sections
  • Fixed issue preventing slider arrow size + overlay from working on mobile

New Features​

  • Duplicate & Active Toggle for Templates (and Headers, Footers, Popups, & Global Blocks)
  • Search Form – support custom post types, ensure integration with Woo filters, FacetWP, WP Grid Builder, and any search results page in WordPress

Other Polish & Fixes​

  • Popups – Improve Hashlink Autoclose Behavior
  • Popups – Pause Videos On Close
  • Popups – Add Open/Close Action API
  • Client Mode Polish
  • Various PHP 8.x Fixes
  • Template Previewable Items: Improve Logic
  • Nothing to Preview Notice – remove misleading colors
  • Better error dialog
  • Maintenance Mode – Correctly Set 503 Header
  • Make Global Settings > Advanced > Body Font Family Apply Correctly In Media Queries
  • Global Colors: use uuid in CSS variable names
  • Caching: call clean_post_cache after saving
  • Code Block: PHP & HTML Label
  • Template Settings: Fix Typo
  • Template Settings: Fix IO-TS Error(s)
  • Dropdowns: add 100vh max height
  • Fix Clipboard Console Error
  • Link Input – Support string URLs
  • Class Input – Enter to Add Class

Element Enhancements​

  • Gallery: add option to disable srcset & sizes for thumbnails
  • Mini Cart – Options to Hide Subtotal / Qty When Empty
  • Lightbox: show close button on mobile
  • Mini Cart: fix default text-align
  • Pricing Table: customize HTML tag for title
  • Simple Counter: customize title & number HTML tags
  • Div, Grid, Wrapper Link: improve background responsive behavior
  • Text Button Custom Icon Arrows – correct default styles
  • Progress Bar: support dynamic progress percentage
  • Video: remove overflow: hidden
  • Text Colors control sections for container-type elements: deprecate
  • Menu Dropdown – Add missing link options
  • Menu Builder – Disable Scrolling The Page When in Offcanvas / Fullscreen Mode
  • Menu Builder – Typography hover effect not applying to dropdown arrow
  • Menu Builder – On Mobile, Menu Stays Open When Parent Sticky Header Is Hidden: tested, solved
  • Menu Builder – Touch Action Prevents Scrolling
  • Menu Builder – Menu Dropdown – Missing Options For Opening in New Tab, Etc: solved
  • Menu Builder – Safari – this.getAllToggle().at is not a function
  • Loop Builder compatibility – Use unique slugs for IDs
  • Star Rating – Support for Never Vertical At Option
  • Like
Reactions: GhRG87FGH
Breakdance 1.5 is now available.

New Features​

  • Post Loop Builder: Support Interspersing Multiple Global Blocks To Vary The Design
  • CSS Input – autofill with .breakdance .bde-rich-text-391-109
  • Dynamic Data “God Mode”
Breakdance 1.4.1 is now available.

Fixes​

  • Popup Builder – revert using the “template” tag approach to load popups
  • Note: a one-line change was made from 1.4.1 RC2 to the final release to fix entrance/exit animations on popups
Top