Pial
Forum Replies Created
-
Dear @okeydigital ,
We deeply apologize for the inconvenience and breach of trust caused by the recent security vulnerability in Essential Addons for Elementor. We fully understand the frustration and concern this issue has caused you, and we take it very seriously.
Please note that, Upon being informed about the vulnerability on 8th May 2023, we immediately initiated our response plan. Our development team worked tirelessly to develop and thoroughly test a patch, and Essential Addons for Elementor version 5.7.2 was released on 11th May 2023. This version addresses the reported vulnerabilities and implements enhanced security measures.
We would like to assure you that we have taken additional steps to address the situation. We have reached out to the WordPress plugin support team and successfully pushed an automatic vulnerability update for sites with the vulnerable version of Essential Addons. This update helped ensure that Vulnerable websites are protected against the identified security issue.
We have also sent out an email notification regarding the vulnerability to all of our users. We also publish a blog regarding this. We apologize if you did not receive our email communication. We can understand how important it is to promptly inform our users about critical matters like this. Please take a moment to review the screenshot here: https://d.pr/i/W1Z1VL. It’s possible that the email may have been overlooked or filtered by your spam filter, leading to a lack of awareness about the situation. We deeply regret any inconvenience caused by this communication gap.
We genuinely apologize for the impact this security vulnerability has had on your websites and the additional work it has imposed on you. Your trust and satisfaction are of utmost importance to us.
Note: We advise you to thoroughly check for any unauthorized administrator users and any left-behind malicious code. Pay close attention to the “wp-content/plugins” directory and your existing themes and delete any folders that you do not recognize, especially those similar to the “posts-layouts” plugin or any other suspicious plugins and themes.Please ensure to follow this instruction and make sure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update,Essential Addons for Elementor version 5.7.4 & Essential Addons for Elementor PRO version 5.4.11 includes security enhancements and fixes for vulnerabilities.
Again we sincerely apologize for the distressing experience you encountered due to the security breach. We sincerely regret any inconvenience, frustration, and loss of time you have endured while resolving the aftermath. If you need any additional help or any guidance, please feel free to reach us. We are always here for you.
Dear @wpmonkeys
We deeply apologize for the distressing experience you have faced as a result of the security issues. We understand the gravity of the situation and the significant repercussions it had on your job and the trust of your clients’ customers.
We want to assure you that we have taken all the necessary steps to address and fix the problem, and we have implemented measures to ensure its resolution. The vulnerability you experienced was related to an externally requested method via curl(). We have identified this issue and made internal changes to rectify it and strengthen the security of our plugin. There is no vulnerability issues is reported with Our Latest version of Essential Addons.
During the previous vulnerability, it is possible that hackers exploited the situation and added unauthorized administrator users or created backdoors or left malicious code using file manager plugins.And because of that even after updating the EA Plugin you faced the issue again. We deeply apologize for the hardship and negative impact this has had on your professional endeavors. Please note that we did informed all of our users regarding the issue and provided a detailed instructions on how to overcome the issue. It is possible that you may have missed the email due to the filtering system of your email provider or overlooking it among other messages in your inbox. We sincerely apologize for any inconvenience this may have caused.
If there is anything we can do to assist you further or regain your trust, please do not hesitate to let us know. We are here to support you and address any lingering concerns you may have.
Again, we apologize for any inconvenience caused and appreciate your understanding as we strive to provide a more secure experience.Hello @palagornp
Hope you are doing well. Regarding your inquiry, I would like to clarify that the security issue we addressed was not specific to any particular widget within the Essential Addons plugin. It was related to a method that was being externally requested via curl(). We have taken all the necessary steps to address this issue and have made internal changes to ensure its resolution.
To mitigate any risks and ensure the security of your websites, we strongly recommend that you update to the latest versions of all plugins installed, particularly Essential Addons for Elementor. The most recent update, Essential Addons for Elementor version 5.7.3, and Essential Addons for Elementor PRO version 5.4.10, include essential security enhancements and fixes for vulnerabilities.
By keeping all your plugins up to date, including Essential Addons, you can enhance the overall security and stability of your websites. If you have any further questions or concerns, please feel free to reach out to our support team. We are here to assist you.
Thank you for your understanding and cooperation. We value your trust in our products and strive to provide the best possible solutions to ensure a secure and seamless experience for you.
Best regards,
PialDear @ana2788
We deeply apologize for the inconvenience and breach of trust caused by the recent security vulnerability in Essential Addons for Elementor. We fully understand the frustration and concern this issue has caused you, and we take it very seriously.
Please note that, Upon being informed about the vulnerability on 8th May 2023, we immediately initiated our response plan. Our development team worked tirelessly to develop and thoroughly test a patch, and Essential Addons for Elementor version 5.7.2 was released on 11th May 2023. This version addresses the reported vulnerabilities and implements enhanced security measures.
We would like to assure you that we have taken additional steps to address the situation. We have reached out to the WordPress plugin support team and successfully pushed an automatic vulnerability update for sites with the vulnerable version of Essential Addons. This update helped ensure that Vulnerable websites are protected against the identified security issue.
We sincerely apologize for the impact the security vulnerability has had on your websites and the subsequent burden it placed on you. We deeply regret any inconvenience caused during this unfortunate situation.
Your trust and satisfaction are of utmost importance to us. Our team is committed to resolving any issue and ensuring the security and reliability of our plugin moving forward.
If you require any further assistance or if there’s anything else we can do to support you, please do not hesitate to reach out. We are here to help and address any concerns you may have.
Note: Please Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update,Essential Addons for Elementor version 5.7.3 includes security enhancements and fixes for vulnerabilities.Thank you for your patience and cooperation. We value your feedback, and we will continue working diligently to provide you with a better experience.
Hello @ep2012
Hope you are doing well
About your inquiries-
1. Yes, You can create your own custom slugs with words. Please check this demonstration here: https://d.pr/v/FKQFui
2. Yes you can import links via CSV. Please check this demonstration here: https://d.pr/v/NS0KuZ
3. Yes we have sorting options based on categories. Please check this demonstration here: https://d.pr/v/tUZFS8
4. Yes we have Parameter Forwarding option. Please check this demonstration here: https://d.pr/v/p5eh8p
5. Yes you can track your links Updates from different sites.
6. Yes, we have click tracking options. Please check this demonstration here: https://d.pr/v/fgCfN9
Hope it helps
Let me know how it goes
ThanksDear @kmwd1800
We deeply apologize for the inconvenience and breach of trust caused by the recent security vulnerability in Essential Addons for Elementor. We fully understand the frustration and concern this issue has caused you, and we take it very seriously.
Please note that, Upon being informed about the vulnerability on 8th May 2023, we immediately initiated our response plan. Our development team worked tirelessly to develop and thoroughly test a patch, and Essential Addons for Elementor version 5.7.2 was released on 11th May 2023. This version addresses the reported vulnerabilities and implements enhanced security measures.
We would like to assure you that we have taken additional steps to address the situation. We have reached out to the WordPress plugin support team and successfully pushed an automatic vulnerability update for sites with the vulnerable version of Essential Addons. This update helped ensure that Vulnerable websites are protected against the identified security issue.
We have sent out an email notification regarding the vulnerability to all of our users. We apologize if you did not receive our email communication. We can understand how important it is to promptly inform our users about critical matters like this. Please take a moment to review the screenshot here: https://d.pr/i/W1Z1VL. It’s possible that the email may have been overlooked or filtered by your spam filter, leading to a lack of awareness about the situation. We deeply regret any inconvenience caused by this communication gap.
We genuinely apologize for the impact this security vulnerability has had on your websites and the additional work it has imposed on you. Your trust and satisfaction are of utmost importance to us, and we appreciate your understanding and patience during this process. If you require any further assistance or if there’s anything else we can do to support you, please do not hesitate to let us know.
Note: Please Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update,Essential Addons for Elementor version 5.7.3 includes security enhancements and fixes for vulnerabilities.
Again we sincerely apologize for the distressing experience you encountered due to the security breach. We sincerely regret any inconvenience, frustration, and loss of time you have endured while resolving the aftermath. If you need any additional help, please feel free to reach us. We are always here for you.
Best regards,
PialDear @davidanderson
Thank you for your feedback and raising your concerns regarding the handling of the recent security update for Essential Addons for Elementor. We value your input and would like to address your points.
- Regarding the automatic update process, we would like to clarify that we did reach out to the WordPress Plugin Review Team and followed their guidelines to ensure the security update was released through the official channels. We collaborated closely with the team to expedite the process and make the update available to our users as quickly as possible. However, due to the nature of the review and approval process, there may have been a slight delay in the automatic update reaching all users. We apologize for any inconvenience caused by this delay.
- We appreciate your suggestion for improving the changelog entry and providing more explicit information about the critical security fix. Your feedback regarding the importance of clear and concise communication is valuable to us. We have forwarded your suggestion to the appropriate authority within our team, and we will work on enhancing our communication practices in future updates. Ensuring transparency and providing accurate information to our users is of utmost importance to us.
We genuinely appreciate your engagement and concern for the security and reliability of our plugin. Rest assured, we are committed to continuously improving our processes and addressing any shortcomings.
If you have any further questions or suggestions, please feel free to reach out to us. We value your trust and will do our best to ensure a positive experience with Essential Addons for Elementor.
Thank you for your understanding and support.
Best regards,
PialDear @titowhisky ,
Thank you for bringing up the upcoming High-Performance Order Storage (HPOS) functionality in WooCommerce.
We understand the importance of ensuring compatibility between our plugin and new features introduced by WooCommerce. Our team is currently evaluating the necessary steps to adapt our plugin for the use of WC HPOS. However, we must inform you that this process may take some time as we want to ensure a seamless integration without any potential issues for our users.
We are actively working on this matter and closely monitoring the progress of the HPOS functionality. Rest assured, we will do our best to implement the necessary changes in a timely manner. We recommend keeping an eye on our plugin updates and announcements as we will communicate any developments regarding compatibility with WC HPOS.
Thank you for your patience and understanding as we work towards providing the best possible experience with our plugin. If you have any further questions or concerns, please feel free to reach out to us.
Best regards,
PialDear @oscarminipro
I sincerely apologize for the distressing experience you encountered due to the security breach. We sincerely regret any inconvenience, frustration, and loss of time you have endured while resolving the aftermath.
To address the situation and prevent further compromise, I recommend the following steps:
- First , Contact your web hosting provider immediately and inform them about the security breach. They may be able to assist you in restoring your website from a backup or provide guidance on resolving the issue.
- In the meantime , check if you have any backups of your affected sites. If you do, it is crucial to restore the websites using those backups to ensure they are in a secure state. This will help eliminate any malicious code or unauthorized access.
- Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update, version 5.7.2, includes security enhancements and fixes for vulnerabilities.
- In case you don’t have a backup available, please follow these steps: Access your website’s file system and navigate to the “wp-content/plugins” directory. Locate and delete any unrecognized folder similar like- “posts-layouts” plugin and others like this. By removing those folders entirely, you can eliminate the potential entry point for hackers.
- After removing the plugin, it is crucial to update your WordPress core to the latest version. This will ensure that you have the most recent security patches and improvements, further strengthening your website’s defense against potential attacks.
- You can also contact your hosting provider if you need any help accessing the site or the file directory of your site.
- Additionally, I recommend reviewing your themes and deleting any unused ones. If you have active themes, make sure they are updated to their latest versions. Outdated themes can pose security risks, so keeping them up to date is essential for maintaining a secure website.
I understand that cleaning up after a security breach is time-consuming. If you have any further questions or concerns, please don’t hesitate to reach out to us. We value your feedback and are committed to helping you secure your websites effectively.
Dear @apt2it
Thank you for your valuable suggestion regarding the utilization of WP’s internal “process” and emphasizing the importance of focusing on UI and integration with WP. We truly appreciate your insights and feedback.
We want to assure you that we are already in the process of evaluating and improving our widgets and their integration with WordPress. Our development team is actively working on enhancing the overall user experience and ensuring seamless integration with the latest developments with WordPress Core.
Regarding your mention of reducing the size of the Login_Registration trait, we will certainly take that into consideration. Streamlining and optimizing our code is an ongoing effort, and we understand the importance of keeping our plugin lean and efficient.
Furthermore, we understand your concern about features being executed without being enabled or used. We are glad to inform you that the issue you raised regarding features being executed without being enabled or used has already been addressed in our latest version of Essential Addons.
Once again, we appreciate your valuable input and suggestions. Your feedback plays a crucial role in our continuous improvement efforts, and we are committed to delivering an exceptional product that meets your needs and exceeds your expectations.
If you have any further suggestions or questions, please feel free to share them with us. We are here to listen and collaborate with you.
Thank you for your support and trust in Essential addons.
Best regards,
PialHello @maimone1983 ,
We again sincerely apologize for the distressing experience you encountered due to the security breach. As we have already mentioned Our most recent update Essential Addons for Elementor version 5.7.2, includes security enhancements and fixes for vulnerabilities.
If you have a Backup of your site, just restore the site and then Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update, version 5.7.2, includes security enhancements and fixes for vulnerabilities
Additionally, I recommend reviewing your themes and deleting any unused ones. If you have active themes, make sure they are updated to their latest versions. Outdated themes can pose security risks, so keeping them up to date is essential for maintaining a secure website.
If you have any further questions or concerns, please don’t hesitate to reach out to us.
ThanksHello again @hashimea
If you disable the Reset Password form option, then the email notification is handled by Default WordPress system hence the template configuration is unavailable. To use our custom template feature for the Rest Password Form, you need to enable the Reset Password form option. To change the Default WordPress reset password email, you can check the doc regarding the filter hook from WordPress: retrieve_password_notification_email
And regarding the other issue, after the reset password form disabled, it still works properly on our end please check here: https://d.pr/v/V4tYl1
Hope it helps
ThanksHello @apt2it & @nodwsp ,
Hope you are doing well.
We again sincerely apologize for the distressing experience you encountered due to the security breach. As we have already mentioned Our most recent update Essential Addons for Elementor version 5.7.2, includes security enhancements and fixes for vulnerabilities.
To address the vulnerability situation and prevent further compromise, I recommend the following steps:- First and foremost, check if you have any backups of your affected sites. If you do, it is crucial to restore the websites using those backups to ensure they are in a secure state. This will help eliminate any malicious code or unauthorized access.
- Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor.
- In case you don’t have a backup available, please follow these steps: Access your website’s file system and navigate to the “wp-content/plugins” directory. Locate and delete any unrecognized folder similar like- “posts-layouts” plugin and others like this. By removing those folders entirely, you can eliminate the potential entry point for hackers.
- After removing the plugin, it is crucial to update your WordPress core to the latest version. This will ensure that you have the most recent security patches and improvements, further strengthening your website’s defense against potential attacks.
- You can also contact your hosting provider if you need any help accessing the site or the file directory of your site.
- Additionally, I recommend reviewing your themes and deleting any unused ones. If you have active themes, make sure they are updated to their latest versions. Outdated themes can pose security risks, so keeping them up to date is essential for maintaining a secure website.
About your suggestion regarding the resetting procedure, YES with the latest version, we are using the WordPress core Password Reset structure in our Plugin.
And about disabling the curl and other functions, we have taken steps to prevent unauthorized access without verification so you can enable those functions if needed.
I understand that cleaning up after a security breach is time-consuming. If you have any further questions or concerns, please don’t hesitate to reach out to us. We value your feedback and are committed to helping you secure your websites effectively.- This reply was modified 2 years, 12 months ago by Pial.
- This reply was modified 2 years, 12 months ago by Jan Dembowski.
Dear @audune
I sincerely apologize for the distressing experience you encountered due to the security breach. We sincerely regret any inconvenience, frustration, and loss of time you have endured while resolving the aftermath.
To address the situation and prevent further compromise, I recommend the following steps:
- First and foremost, check if you have any backups of your affected sites. If you do, it is crucial to restore the websites using those backups to ensure they are in a secure state. This will help eliminate any malicious code or unauthorized access.
- Ensure that you are using the latest versions of all plugins installed on your websites, especially Essential Addons for Elementor. Our most recent update, version 5.7.2, includes security enhancements and fixes for vulnerabilities.
- In case you don’t have a backup available, please follow these steps: Access your website’s file system and navigate to the “wp-content/plugins” directory. Locate and delete any unrecognized folder similar like- “posts-layouts” plugin and others like this. By removing those folders entirely, you can eliminate the potential entry point for hackers.
- After removing the plugin, it is crucial to update your WordPress core to the latest version. This will ensure that you have the most recent security patches and improvements, further strengthening your website’s defense against potential attacks.
- You can also contact your hosting provider if you need any help accessing the site or the file directory of your site.
- Additionally, I recommend reviewing your themes and deleting any unused ones. If you have active themes, make sure they are updated to their latest versions. Outdated themes can pose security risks, so keeping them up to date is essential for maintaining a secure website.
I understand that cleaning up after a security breach is time-consuming. If you have any further questions or concerns, please don’t hesitate to reach out to us. We value your feedback and are committed to helping you secure your websites effectively.
- This reply was modified 2 years, 12 months ago by Pial.
Hello again @hashimea
I am sorry to hear that you have switched to another Plugin.
However, I have tried recreating your mentioned issue but it’s working properly on our site check this demonstration : https://d.pr/v/9gRbBT
About your second comment, the email customization option is already in the “Lost Password Email Option ” Please check here: https://d.pr/v/wIJbBP
Hope it helps, thank you for your cooperation, and we look forward to your response.Best regards,
Pial - Regarding the automatic update process, we would like to clarify that we did reach out to the WordPress Plugin Review Team and followed their guidelines to ensure the security update was released through the official channels. We collaborated closely with the team to expedite the process and make the update available to our users as quickly as possible. However, due to the nature of the review and approval process, there may have been a slight delay in the automatic update reaching all users. We apologize for any inconvenience caused by this delay.