Forum Replies Created

Viewing 15 replies - 1 through 15 (of 267 total)
  • Plugin Author ThemeGrill

    (@themegrill)

    Hi @animallawnewsandabuse,

    Once this issue was reported to us, we immediately released an update with a fix, even though it was the weekend. The issue is already resolved in version 1.6.2 (released on Feb 16), followed by version 1.6.3 (released on Feb 18) with more security enhancements.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    Sorry for the inconvenience caused. We understand it is a difficult situation for our users, but where we stand we can only look forward; we are doing our best now. As per our request, the wordpress(dot)org plugin team has helped us to auto-update affected earlier versions to the latest version so that more users are not affected by this.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @francescocugini,

    The issue is already resolved in version 1.6.2 (released on Feb 16), followed by version 1.6.3 with more security enhancements. This was caused by hackers who exploited a security issue in earlier versions.

    Sorry for the inconvenience caused. We understand it is a difficult situation for our users, but where we stand we can only look forward; we are doing our best now. As per our request, the wordpress(dot)org plugin team has helped us to auto-update affected earlier versions to the latest version so that more users are not affected by this.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    Thanks.
    Sanjip S.

    Theme Author ThemeGrill

    (@themegrill)

    Hi @graficavillcom,

    Yes, this security issue was reported to us and we have already fixed it immediately in our latest version 1.6.2 (released on Feb 16), followed by version 1.6.3 with more security enhancements for the ThemeGrill Demo Importer plugin. If this plugin on your site was not updated to the latest version, bad people might have used it to reset your site, which likely seems to be what happened in your case.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    We would like to apologize for the inconvenience caused. As per our request, the wordpress(dot)org plugin team has now helped us to auto-update all old versions to the latest version so more users are not affected by this. We as developers are working continuously to better handle this.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @debbietechforceonsite,

    We have checked, and restoring is the best approach. When you restore, all theme/plugin files are restored to the unaffected point. Then you simply delete or update the ThemeGrill Demo Importer plugin and there’s no backdoor left.
    Also, once you restore, just for assurance you can also use the Sucuri plugin to scan your whole site.
    And we are sorry for the inconvenience caused; if you have any more confusion, please use this contact page and we will get back to you in detail.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @ahatandacoat,

    The issue is already resolved in version 1.6.2 (released on Feb 16), followed by version 1.6.3 with more security enhancements.

    Sorry for the inconvenience caused. We understand it is a difficult situation for our users, but where we stand we can only look forward; we are doing our best now. As per our request, the wordpress(dot)org plugin team has now helped us to auto-update some of the last versions to the latest version so more users are not affected by this.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    Thanks.
    Sanjip S.

    Theme Author ThemeGrill

    (@themegrill)

    Hi,
    There was a security problem in the TG demo importer plugin 1.6.1 or lower and hackers might have used it to reset your site. We apologize for it.

    To get back your site, the best approach is to contact your hosting provider (we checked, and GoDaddy seems to be your host) and ask them to restore to the last working backup they have. Most hosting providers these days do have a backup system.

    Once you do this, please delete or deactivate the ThemeGrill Demo Importer plugin if you’re not using it anymore; otherwise, update to the latest version of the plugin (1.6.3).

    I hope this helps.

    Thanks.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @second69,

    Firstly, sorry for the inconvenience caused. We understand it is a difficult situation for our users, but where we stand we can only look forward; we are doing our best now. As per our request, the wordpress(dot)org plugin team has now helped us to auto-update some of the last versions to the latest version so more users are not affected by this.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @hausi91,

    Firstly, sorry for the inconvenience caused. We understand it is a difficult situation for our users, but where we stand we can only look forward; we are doing our best now. As per our request, the wordpress(dot)org plugin team has now helped us to auto-update some of the last versions to the latest version so more users are not affected by this.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @anonymouskane,

    Yes, this security issue was reported to us and we have already fixed it in our latest version 1.6.2, followed by version 1.6.3 with more security enhancements for the ThemeGrill Demo Importer plugin.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    We would like to apologize for this issue. We have also contacted the wordpress(dot)org plugin review team to make this update an automatic one so as to make sure that more users don’t face this issue. We as developers are working continuously to better handle this.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @matgreenfield,

    Security is a continuous process. We try our best to resolve security issues; however, we cannot assume they will never come. This was our first time with a critical security vulnerability; this is a hard lesson learned for us, and we will try to make our approaches better in the coming days. In this case as well, once the exact issue was reported to us, we immediately fixed the issue and released the patch even on the weekend, as we take it seriously.

    Having said all that, please accept our apology for the inconvenience caused.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @sylwiachwalana,

    Yes, this security issue was reported to us and we have already fixed it in our latest version 1.6.2, followed by version 1.6.3 with more security enhancements for the ThemeGrill Demo Importer plugin.

    The best approach to tackle this issue is: please contact your hosting service provider and ask them to restore to the last working backup they have. These days most hosting service providers do have this backup service. Once you do this, please delete/deactivate the ThemeGrill Demo Importer plugin if you are not using it; if you need to use it, please make sure you are using the latest version 1.6.3.

    We would like to apologize for this issue. We have also contacted the wordpress(dot)org plugin review team to make this update an automatic one so as to make sure that more users don’t face this issue. We as developers are working continuously to better handle this.

    Thanks.
    Sanjip S.

    Plugin Author ThemeGrill

    (@themegrill)

    Hi @mauldincultural,

    Yes, if you have updated the plugin ‘ThemeGrill Demo Importer’ to 1.6.3, then you should be secure now.

    Also, as this plugin is used to set up/import the initial demo for ThemeGrill themes, if that purpose is fulfilled, you can simply delete the plugin from your site. If you need it later, you can simply install it.

    Thanks.
    Sanjip S.

    Theme Author ThemeGrill

    (@themegrill)

    Please use our support ticket page as we cannot support paid users here.

    Thanks.

    Theme Author ThemeGrill

    (@themegrill)

    Hi @snycha-1,

    Well, the theme does not do anything of that sort – sending emails. There is no feature/function or code within the theme that does this in any way.

    Everest form is a contact form plugin which is installed and activated if you are installing any of our demos via the ThemeGrill Demo Importer plugin and the demo uses the Everest form. This form is just a contact form and it also does not send out any emails on its own.
    The theme and plugin are both hosted here in the wordpressdotorg repo; nothing of that sort is added in the code. Anyone can check it.

    Also, you mentioned some sort of advertising; can you please provide more information on that? The theme uses TGM to recommend a few plugins and also recommends our new Gutenberg-ready theme, which can also be easily removed by just clicking the ‘cross’ button. It does not show after that.

    If you could provide more information on your issue, we would like to check on it and find the exact cause. Also, we request you to recheck it; once you are clear that it is not the theme’s doing, we request you to consider your review as well.

    Thanks.
    ThemeGrill

    Theme Author ThemeGrill

    (@themegrill)

    Hi @cchavarria,

    Thanks for reporting this. Yes, looks like there was an issue with version 1.2.3. We have fixed the issue. Please update to the new version 1.2.4 and the issue will be fixed.
    Once again we are sorry for the inconvenience caused.

    Thanks.
    ThemeGrill
