Hi,

We of course feel very sorry for everybody who has been hacked. It is not really fair to say such a bad thing! How do you come up with this idea? Do you follow our customer service at all? Additionally if you would have read carefully what we have answered here in the comments you would have seen that we apologised.

To be more transparent:

We have had the plugin tested for vulnerabilities from security companies, updated the plugin as advised in a normal way, included an auto update system to make updating an easy process and informed the customers to update. We were advised to make a silent update to not inform the public of how to hack the sites and give all people a chance to update.

As a customer you get an information mail about every update from Envato (the license seller). Again we feel very sorry for everybody being hacked but missing at least 29 (!)updates of a plugin, really? If the update description of the current update states “Security Fix” do you think “Ah, this cannot be important”. Should we have posted a HowTo hack your page at that time? Nobody had updated then, mainly evil minds seem to read the update informations. The damage would be unbelievable!

We informed everybody via our twitter account to update and we informed Envato and Mojothemes to send out messages to the customers.

Hope this adds a little transparency to what have happened. This is not meant as justification but for transparency.

Cheers, ThemePunch