BricksUltimate Plugin was/is backdoored from the developer itself

There were some rumors over the last days but now it’s offical bricksultimate plugin was backdoored from the dev itself.

Here’s his official “apology” :

I think bricks builder should demand every thirdparty dev/seller to remove the name bricks from the product itself. Otherwise it will hurt the reputation of bricksbuilder in the long run. And maybe even sue the dev behind bricksultimate for bringing that damage to the name. Maybe a little bit harsh.

Ok, at least he accepts the mistake and apologizes openly. It is something. He realized that the damage from piracy will be nothing compared to this.

And btw, who in their right mind takes seriously those who use pirated software for professional work. Just ignore them…pirating your software is certainly not the only place where they’re cutting corners. They suck top to bottom!

You are right about the name, it should be called “Ultimate for Bricks” :slight_smile:
When it comes to piracy, it should already be clear to every WordPress developer that protection is pointless.

An example of this is the protection and distribution of Fremius. Removing the protection takes little time for those in the know, but in 2023 >1000 sites were vulnerable through it. This will directly impact over 1000 !!! plugins and themes that use this SDK.

bricks can not control over who sells what users are responsible what they buy. even with unlimited budget elementor doesn’t do that. why bricks should. lol.
same for freemius they give the SDK and PHP framework people just include that and use it with their theme and plugins they don’t have any control over what people develop.

never used this plugin/addon

but atleast he knows he made a VERY big mistake

The vulnerability was in freemius, and not something that people develop :slight_smile:

did you read the full article?

I am not in the FB group but on this article I didn’t see any mention for freemius.

where is your source for this?

I’m not in the Facebook group either

google search - freemius wordpress vulnerable

Freemius SDK <= 2.5.9 - Reflected Cross-Site Scripting via fs_request_get.