• Resolved KZeni

    (@kzeni)


    Per https://www.ads-software.com/plugins/wp-better-emails/:

    “This plugin has been closed as of January 10, 2023 and is not available for download. This closure is temporary, pending a full review.”

    Is there an established reason why this happened? Was it simply due to developer inactivity, is there something more severe like a security concern, or was it something else entirely? It doesn’t seem to be from the plugin author/maintainer since it wouldn’t need a review to confirm this status.

    This notice being entirely non-descriptive leaves me unsure about what to do with sites this is already installed on (especially considering it’s stated to be “temporary” & awaiting a proper review where it might turn out to be totally fine & re-instated…?) It’s almost been a month now without further info being posted that I’ve found.

    For whomever (or whatever, if this was automated) triggered this to be made unavailable, it would definitely help to provide at least some context as to why this was done in the future.

Viewing 5 replies - 1 through 5 (of 5 total)
  • +1
    Agree 100%

    The WP Better Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

    More: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-better-emails/wp-better-emails-04-authenticated-administrator-stored-cross-site-scripting

    I use this plugin on several sites and certainly hope the author can patch the vulnerability and update the plugin! Please let us know what the status is, so that we can decide if a replacement plugin will be needed.

    • This reply was modified 1 year, 9 months ago by ASGrant.
    Moderator James Huff

    (@macmanx)

    Just weighing in here, but you folks might want to consider an alternative plugin, like https://www.ads-software.com/plugins/bnfw/ or https://www.ads-software.com/plugins/email-customizer/

    Reason being, as you can see on https://www.ads-software.com/plugins/wp-better-emails/ besides the closure warning:

    • Last updated: 2 years ago
    • Tested up to: [WordPress] 5.5.11 (WordPress is currently version 6.1.1)

    And, if you look at https://www.ads-software.com/support/plugin/wp-better-emails/ no developer support replies for 2 years.

    Switching to a new plugin sucks, I get it, I’ve been through that plenty of times myself, but this appears to be not only an abandoned plugin but also one with a now publicly known security vulnerability.

    As the security report linked to above mentions though, “This only affects multi-site installations and installations where unfiltered_html has been disabled.”

    So, if you aren’t using multi-site for now, you should be safe, but you’re still dealing with an abandoned plugin. The plugin may be safe and work just fine for now. Still, over time it will develop compatibility issues, and any further bugs or security vulnerabilities discovered in the future will go unfixed.

    “For whomever (or whatever, if this was automated) triggered this to be made unavailable, it would definitely help to provide at least some context as to why this was done in the future.”

    For a variety of reasons, ranging from security to privacy, we don’t release that information.

    Though, of course, the security vulnerability has been made public by third parties, so in this case, that’s a moot point now.
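
The affected-configuration conditions quoted in the replies above (version up to and including 0.4, and either multi-site or unfiltered_html disabled), as an added example that is not part of the original thread or any poster's code. It reads the text of a `wp-config.php` and a plugin header; the function names and the sample inputs are constructed for illustration.

```python
import re

AFFECTED_MAX = (0, 4, 0)  # advisory quoted above: versions up to and including 0.4

def defined_true(wp_config: str, name: str) -> bool:
    """True if the wp-config.php text holds an uncommented define(NAME, true)."""
    pat = re.compile(r"define\s*\(\s*['\"]" + re.escape(name) +
                     r"['\"]\s*,\s*(true|1)\s*\)", re.IGNORECASE)
    for line in wp_config.splitlines():
        code = line.strip()
        if code.startswith(("//", "#", "/*", "*")):
            continue  # skip commented-out defines
        if pat.search(code):
            return True
    return False

def header_version(plugin_header: str):
    """Parse 'Version: x.y' from a plugin header into a 3-part tuple, or None."""
    m = re.search(r"^[\s*]*Version:\s*(\d+(?:\.\d+)*)", plugin_header,
                  re.IGNORECASE | re.MULTILINE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])  # pad so 0.4 and 0.4.0 compare equal

def assess(wp_config: str, plugin_header: str) -> dict:
    version = header_version(plugin_header)
    multisite = defined_true(wp_config, "MULTISITE")
    no_unfiltered = defined_true(wp_config, "DISALLOW_UNFILTERED_HTML")
    # An unreadable version is treated as affected (fail closed).
    version_affected = version is None or version <= AFFECTED_MAX
    return {
        "version": version,
        "multisite": multisite,
        "unfiltered_html_disabled": no_unfiltered,
        "in_affected_configuration": version_affected and (multisite or no_unfiltered),
    }

# Constructed sample inputs (not taken from a real site or from the plugin).
SAMPLE_HEADER = "/*\nPlugin Name: WP Better Emails\nVersion: 0.4\n*/"
SAMPLE_SINGLE = "<?php\ndefine( 'DB_NAME', 'wp' );\n// define('MULTISITE', true);\n"
SAMPLE_MULTI = "<?php\ndefine( 'WP_ALLOW_MULTISITE', true );\ndefine( 'MULTISITE', true );\n"
SAMPLE_LOCKED = '<?php\ndefine("DISALLOW_UNFILTERED_HTML", true);\n'

if __name__ == "__main__":
    for name, cfg in [("single", SAMPLE_SINGLE), ("multisite", SAMPLE_MULTI),
                      ("locked", SAMPLE_LOCKED)]:
        print(name, assess(cfg, SAMPLE_HEADER))
```

On a live site, WordPress's own `is_multisite()` and `current_user_can( 'unfiltered_html' )` are authoritative. This static read is an approximation that ignores defines in included files and multi-line block comments.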

    Thread Starter KZeni

    (@kzeni)

    Definitely appreciate the follow-up information, and it all makes total sense to me.

    I also appreciate the suggested alternatives. I was already looking at https://www.ads-software.com/plugins/bnfw/ and/or https://www.ads-software.com/plugins/email-templates/ (with https://www.ads-software.com/plugins/email-customizer/ seeming to be similar to the latter, but without as many active installs) as the way to keep this similar enhancement while removing the seemingly abandoned WP Better Emails plugin.

    Marking this topic as resolved as my questions & concerns have been addressed while it seems likely that previous users of this plugin just need to replace it with an alternative at this point.

  • The topic ‘No longer available? What’s the reason?’ is closed to new replies.