BricksUltimate Plugin was/is backdoored from the developer itself

SachiBachi · March 14, 2024, 10:29am

There were some rumors over the last days but now it’s offical bricksultimate plugin was backdoored from the dev itself.

Here’s his official “apology” :

I think bricks builder should demand every thirdparty dev/seller to remove the name bricks from the product itself. Otherwise it will hurt the reputation of bricksbuilder in the long run. And maybe even sue the dev behind bricksultimate for bringing that damage to the name. Maybe a little bit harsh.

Jargon · March 14, 2024, 10:59am

Ok, at least he accepts the mistake and apologizes openly. It is something. He realized that the damage from piracy will be nothing compared to this.

And btw, who in their right mind takes seriously those who use pirated software for professional work. Just ignore them…pirating your software is certainly not the only place where they’re cutting corners. They suck top to bottom!

clickfusion63 · March 14, 2024, 11:20am

You are right about the name, it should be called “Ultimate for Bricks”
When it comes to piracy, it should already be clear to every WordPress developer that protection is pointless.

An example of this is the protection and distribution of Fremius. Removing the protection takes little time for those in the know, but in 2023 >1000 sites were vulnerable through it. This will directly impact over 1000 !!! plugins and themes that use this SDK.

sinanisler · March 23, 2024, 10:18am

bricks can not control over who sells what users are responsible what they buy. even with unlimited budget elementor doesn’t do that. why bricks should. lol.
same for freemius they give the SDK and PHP framework people just include that and use it with their theme and plugins they don’t have any control over what people develop.

never used this plugin/addon

but atleast he knows he made a VERY big mistake…

clickfusion63 · March 23, 2024, 11:06am

The vulnerability was in freemius, and not something that people develop

sinanisler · March 23, 2024, 11:50am

did you read the full article?

I am not in the FB group but on this article I didn’t see any mention for freemius.

where is your source for this?

clickfusion63 · March 23, 2024, 1:20pm

I’m not in the Facebook group either

google search - freemius wordpress vulnerable

Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get.