• I have used Essential Addons for years and have it installed on basically all of my websites. This morning, I was doing a routine check on a website and found a new ADMIN user on the site that should not have been there. After some digging, I found out that Essential Addons had a massive vulnerability that allowed hackers to get into sites, create administrator accounts, and add malicious PHP to every site that had Essential Addons installed.

    I never received any notifications about this massive issue from the Essential Addons team. Luckily, Sucuri came out with a great article (they won’t let me link it here, but the title is “Vulnerability in Essential Addons for Elementor Leads to Mass Infection”; I highly suggest reading it and looking through your sites if you use Essential Addons) on exactly where to look for the malicious code. Essential Addons did make a blog post about it, but no email notifications or anything else about this issue. This is a huge breach of trust, and now I have the awesome job of going through each site and removing Essential Addons and replacing those sections.

    Thanks Essential Addons. Great job.

    • This topic was modified 11 months, 1 week ago by kmwd1800.
Viewing 1 replies (of 1 total)
  • Plugin Support Pial

    (@iapial)

    Dear @kmwd1800

    We deeply apologize for the inconvenience and breach of trust caused by the recent security vulnerability in Essential Addons for Elementor. We fully understand the frustration and concern this issue has caused you, and we take it very seriously.

    Please note that, upon being informed about the vulnerability on 8th May 2023, we immediately initiated our response plan. Our development team worked tirelessly to develop and thoroughly test a patch, and Essential Addons for Elementor version 5.7.2 was released on 11th May 2023. This version addresses the reported vulnerabilities and implements enhanced security measures.

    We would like to assure you that we have taken additional steps to address the situation. We have reached out to the WordPress plugin support team and successfully pushed an automatic vulnerability update for sites with the vulnerable version of Essential Addons. This update helped ensure that vulnerable websites are protected against the identified security issue.

    We have sent out an email notification regarding the vulnerability to all of our users. We apologize if you did not receive our email communication. We can understand how important it is to promptly inform our users about critical matters like this. Please take a moment to review the screenshot here: https://d.pr/i/W1Z1VL. It’s possible that the email may have been overlooked or filtered by your spam filter, leading to a lack of awareness about the situation. We deeply regret any inconvenience caused by this communication gap.

    We genuinely apologize for the impact this security vulnerability has had on your websites and the additional work it has imposed on you. Your trust and satisfaction are of utmost importance to us, and we appreciate your understanding and patience during this process. If you require any further assistance or if there’s anything else we can do to support you, please do not hesitate to let us know.

    Note: Please ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update, Essential Addons for Elementor version 5.7.3, includes security enhancements and fixes for vulnerabilities.

    Again, we sincerely apologize for the distressing experience you encountered due to the security breach. We sincerely regret any inconvenience, frustration, and loss of time you have endured while resolving the aftermath. If you need any additional help, please feel free to reach us. We are always here for you.

    Best regards,
    Pial

  • The topic ‘DO NOT USE THIS PLUGIN!’ is closed to new replies.