• The failure to notify registered users of the critical vulnerability notified to them on 8th May and (solved by a simple update) on 11th May is a big breach of trust. They prioritised saving their embarrassment over protecting customers. We had multiple sites infected with malware between 11th – 17th May as a result of a known vulnerability in this plugin (google it). This could have been avoided if they had properly communicated it. We have had to spend over 80 developer hours rebuilding and restoring these sites with hundreds of hours of cumulative logged downtime on those sites. The add ons are useful, but nothing that isn’t also available from dozens of competing products from other plugin suppliers that don’t have this stain on their reputation.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Rafin

    (@rafinkhan)

    Hi @palomarux,

    First of all, we are extremely sorry about the inconvenience caused. However, we sent out emails to all our users (both FREE & PRO) regarding the vulnerability asking them to immediately update the Essential Addons plugin. Here’s the screenshot.

    Unfortunately, you may have missed the email or it may have gone to spam. Besides, we contacted the WordPress Plugin Review team immediately so that the plugin of anyone using 5.7.x versions gets automatically updated to the latest version. So, it would be unfair to say that we didn’t try to contact our users.

    Anyways, we would like to apologize again for the inconvenience caused. If you need any assistance, please let us know. Thanks.

    Thread Starter palomarux

    (@palomarux)

    “Inconvenience” ?? $15K lost due to downtime and repair work is not an “inconvenience”

    • This reply was modified 1 year, 6 months ago by palomarux.
  • The topic ‘Critical vulnerability not notified to customers’ is closed to new replies.