Please let me know when your plugin is fixed. I've had to bin all the updates done with your plugin and disable it.
Hi There,
We are sorry. We published an update and fixed the vulnerability. Please check this article for information.
Let me know if you need help.
Best Regards
Thanks for this but just to note - the link seems to go to (possibly) the full version which can be downloaded by anyone, even those who've not paid for the plugin?
Also your changelog states that this version was released on April 14th, which is in the future?
https://yellowpencil.waspthemes.com/changelog/
Changelog was corrected.
Yes, we made it possible for anyone to download that particular update version so that users get the security patch.
Best regards,
WaspThemes team
And don't forget to rate our plugin, it means a lot to us!
Hi,
Can you please explain how we get to the "wordpress_options table"? Where is it in phpMyAdmin?
We need clearer and step-by-step instructions.
Hesam
Have a look in your WordPress tables. You should see one called...
wp_options
It should look like this...
After deleting the hacked plugin (from your /wp-content/themes/ folder), go into the wp_options above and alter the "siteurl" entry to your site name (https://www.mysite.com) instead of the spammy guff that the hackers put in.
This all could've been much worse. Wasp Themes were lucky here but I'm annoyed that a paid-for plugin got hacked like this with a zero-day vulnerability.
(By the way, I don't work for them, I just thought I'd share how I fixed it)
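The database step from the post above, written as SQL that can be pasted into phpMyAdmin's SQL tab (an added example, not part of the original thread or the plugin vendor's instructions). It assumes the default `wp_` table prefix and the post's placeholder address; the table name `wp_options_incident_copy` is hypothetical.

```sql
-- Added example. Assumptions: default table prefix "wp_", and the
-- placeholder address https://www.mysite.com used in the post.

-- 1. Inspect the current values. "home" is listed as an assumption:
--    the post only mentions "siteurl", but WordPress keeps the site
--    address in both rows of wp_options.
SELECT option_id, option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- 2. Keep a copy of the rows exactly as found, so the injected value
--    is preserved for the incident record before it is overwritten.
--    (wp_options_incident_copy is a hypothetical table name.)
CREATE TABLE wp_options_incident_copy AS
SELECT option_id, option_name, option_value, NOW() AS copied_at
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- 3. Restore "siteurl" only if it differs from the expected address.
--    If step 1 showed "home" was changed too, run the same statement
--    with option_name = 'home'.
UPDATE wp_options
SET option_value = 'https://www.mysite.com'
WHERE option_name = 'siteurl'
  AND option_value <> 'https://www.mysite.com';

-- 4. Confirm the result.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');
```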
Anyone can get hacked these days and we're sorry for any inconvenience caused by the security breach.
A lot of plugins are being hacked these days and, like all developers, we try to fix them ASAP.
We're sorry for all the trouble caused by our plugin; we had no intention of making an insecure plugin. We overlooked that some people could exploit that.
We will work hard on securing our plugin so something like this doesn't happen again. Luckily it wasn't a massive security breach and it can be fixed easily.
For all people who are being hacked, we will fix your website. You have to make a private ticket with login credentials so we can go into the database and fix it. We also do the update of our plugin for users who have a hard time doing it.
That's the least we can do for our users!
Best regards,
WaspThemes team
Ta David. Hopefully a walk-through with some pictures could help to rectify, but I'm all back and running with the updated version now. Thanks for your help.
Hello,
Sorry for my bad English, but I have the same problem: my website is redirected by "hellofromdoly" to some shitty pages, and the problem is that my "/wp_options/url" and "/wp_options/site" are correct, and I already deleted yellowpencil from my /wp-contents/plugins.
Does anyone have any idea what I can do?
Hi,
@Lara - please read this article.
Best regards,
WaspThemes team