• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

The Plus Addons for Elementor - Most Populars Addon For Elementors

The Plus Addons for Elementor - Most Populars Addon For Elementor v5.5.2

No permission to download
Overview Updates (79) Reviews (8) History Discussion
Elementor facebook group is full of posts about this security issue, seems like a lot of people are affected by it.
 
Still isnt patched! From the Wordfence blog: "Unfortunately, the latest update didn’t fully address the security issues."
 
I can't figure out how to clean... if I replace the files in the zip will that help anything, any body know
 
  • Like
  • Love
Reactions: smalok, Babak and JRGWxRxZ
M.C said:
I can't figure out how to clean... if I replace the files in the zip will that help anything, any body know
Click to expand...
If you get infected with a recent vulnerability: What Steps You Should Take
Security of Your Assets Should be Your First Priority. So Here Are Some Symptoms That You’ve Got Hacked, Especially For This Incident :
Security of your site should be the first priority. So here are fairly obvious indications that you've been compromised in some way
1. You’ve Got an Unknown Administrator User in Your User’s List
Check For Any Unknown Admin Users in Your WordPress Site. In-order to Check This, Go to Users -> All Users -> Delete Any Unknown Admin account. We Have Found a Common Email : [email protected]
2. Unknown Plugin is Got Installed in Your Directory
Check for Any Unknown Plugins Installed in Your Repository. To Check This Go to Plugins -> Installed Plugins -> And Make Sure You Have Only Known Plugin Installed, Delete If You Find Any Unwanted Plugin (eg. Wp_staff)
3. You Found Encrypted & Gibrrish URLs in Your Code
These Links Can be Passing Data to Some Remote IP. Clean Your Site Immediately.
4. You Found Encrypted & Gibrrish URLs in Your Code
These Links Can be Passing Data to Some Remote IP. Clean Your Site Immediately.To check this Run a full Site Scanner with Wordfence and find for any informalities in WP-Core Files (Eg. Wp-Config)
And Now These are The Steps You Should Take in Order to Get Secured :
I have mentioned the patched version name
1. Update The Plus Add-ons for Elementor to the Latest Version(4.1.6) Available in Store. If You've not received any Update Notification, Then follow This Guide https://www.facebook.com/theplusad.../posts/2533392430288273 .
2. Update Your Other Plugins, Themes & WordPress Code to the Latest Version Available. (Make sure to take backup before this, If you think that is required based on themes/plugins you are going to update.)
3. Delete any Unnecessary Plugins
4. Take a Full Site Backup Dated Before March 8th, 2021. This is the Time Before Issue Was Uncovered, So There’s No Chance of Hack. Keep It in Some Safe Place like External Hard Drive or Cloud Storage, In-case You Find Issue After a Couple of Days.
Take it one Step Ahead
There Are Lesser Than None Chances That Your Site Might Get Hacked During This Patch Release Cool Down Time. And If You Don’t Have Live Login / Register Functionality, Then This’ll Never Concern You.
Up To now we have seen very few incidents of hacking, chances are very less for your site getting compromised. This new Patch Release will completely fix this and you will be safe from any form of hack attempt.
This Part Takes You Around How Can You Scan & Clean Your Site Using Some Online Tools Available Regardless of This Issue. Here’s is A List of Steps, Tool Suggestion & Security Related Info With Links You Should Follow :
Hope above will help us to keep your sites safe as well as resolve issues you are having due to vulnerabilities.
 
  • Love
  • Like
Reactions: smalok, Babak, M.C and 1 other person
My site was infected by this. I had an account register on my site as admin while I was asleep. A plugin named 'WP Strong' installed, and after I was able to install and run Anti-Malware Security and Brute-Force Firewall, it had only got to 20% of the scan, and I already had over 3,000 files infected with what Bitdefender caught as JS:Trojan.Cryxos.4095.

I restored to a backup from March 7th, everything is good now. I will not be using ThePlusAddons from this point forward. I did have a legit license for it also.

Be careful everyone.
 
SC36 said:
My site was infected by this. I had an account register on my site as admin while I was asleep. A plugin named 'WP Strong' installed, and after I was able to install and run Anti-Malware Security and Brute-Force Firewall, it had only got to 20% of the scan, and I already had over 3,000 files infected with what Bitdefender caught as JS:Trojan.Cryxos.4095.

I restored to a backup from March 7th, everything is good now. I will not be using ThePlusAddons from this point forward. I did have a legit license for it also.

Be careful everyone.
Click to expand...
It was happening before my eyes yesterday! Terrible! Luckily backups were ready to restore :)
 
  • Wow
Reactions: SC36
If your using wordfence, make sure to check each site that the firewall is really enabled, mine says it is but not not showing protection level, I cleaned 15 sites yesterday, & at 6 am it injected code to all index.php files everywhere, all files with an index.php, even if it has leading name before.

And after clean, if the plugin bdthemes element pack causes critical wordpress error, remove & it fixes that.

Attached scrn of wordfence - not sure how to fix this

1615399241920.png
 
  • Like
Reactions: SC36
M.C said:
If your using wordfence, make sure to check each site that the firewall is really enabled, mine says it is but not not showing protection level, I cleaned 15 sites yesterday, & at 6 am it injected code to all index.php files everywhere, all files with an index.php, even if it has leading name before.

And after clean, if the plugin bdthemes element pack causes critical wordpress error, remove & it fixes that.

Attached scrn of wordfence - not sure how to fix this

1615399241920.png
Click to expand...


Fixed the issue, you must completely drop all tables from db to do clean install of wordfence, looks normal now, fyi...

This hack sucks...
 
  • Like
Reactions: SC36
Sad to see how many have been affected by this vuln. I did an audit once while I was selecting the best "Elementor addons pack" plugin to use for all my clients' sites. ElementsKit came out on top. The code quality and attention to security that the Wpmet team put into their plugins is second only to that of WPDeveloper.

The main takeaway from this is to say, don't just randomly select and use plugins because they have a beautiful landing page or catchy marketing phrases. Do your due diligence of auditing (or hiring someone to audit) plugins for common security pitfalls, especially those reiterated in the OWASP Top 10.
 
  • Like
Reactions: Spyders, smalok and SC36
asja said:
Sad to see how many have been affected by this vuln. I did an audit once while I was selecting the best "Elementor addons pack" plugin to use for all my clients' sites. ElementsKit came out on top. The code quality and attention to security that the Wpmet team put into their plugins is second only to that of WPDeveloper.

The main takeaway from this is to say, don't just randomly select and use plugins because they have a beautiful landing page or catchy marketing phrases. Do your due diligence of auditing (or hiring someone to audit) plugins for common security pitfalls, especially those reiterated in the OWASP Top 10.
Click to expand...

I appreciate the info and suggestion in your comment. Thanks for taking the time to write it. I currently have some Croco Block stuff, Happy Add Ons, I will have to check these out.
 
  • Like
Reactions: r3turn_z3r0
  • Like
  • Love
Reactions: Babak, JRGWxRxZ, smalok and 1 other person
You must log in or register to reply here.

Similar threads

Babak
The Plus Addons for WPBakery Page Builder
Replies
20
Views
4K
CodeCanyon
𝐍𝖾ω𝐋ⱺ𝗀𝗂𐓣𝐎𐓣𝐓ɦ𝖾𝐁ᥣⱺ𝗄
𝐍𝖾ω𝐋ⱺ𝗀𝗂𐓣𝐎𐓣𝐓ɦ𝖾𝐁ᥣⱺ𝗄
C
Classified Plus - PHP Classifieds Ads Script
Replies
1
Views
1K
CodeCanyon
Babak
Babak
Babak
BWD Content Switcher Plus Addon For Elementor
Replies
0
Views
149
CodeCanyon
Babak
Babak
BigRed
Fancy Product Designer Plus Add-On | WooCommerce WordPress
Replies
4
Views
2K
CodeCanyon
rainbowmusicled
rainbowmusicled
TheChameleon
WaveSurfer Plus - MP3 Player module for Gmedia plugin
Replies
2
Views
783
CodeCanyon
TheChameleon
TheChameleon

Latest posts

Forum statistics

Threads
79,627
Messages
1,146,652
Members
250,900
Latest member
bep1972

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock