Blog

Important Notice: Builder Contact Security Vulnerability (Action Required)

Builder Contact Security Vulnerability

We have noticed the Builder Contact addon had security vulnerability allowing hackers to send spam/phishing emails on behalf of the affected sites. The issue was first reported by a few of our members on the support forum and at the same time we were notified by the WordFence team (big thanks to WordFence team for notifying us the concerns and suggestions). We took immediate action to fix all security flaws and released the update. If you are using Builder Contact prior version 1.4.6, it is highly recommended to update to the latest version immediately. If you have the old Builder Contact version installed on the server but not activated, please either delete it or replace it with the latest version (do not leave the compromised version on the server). If your membership has expired and can't update Builder Contact, please contact us. We will offer a 3-month free membership extension so you can update the plugin. We apologize for any inconvenience it may cause.

65 Comments

  1. Gary M Mordhorst
    Jun 13, 2020 @ 17:12

    Please update my membership so I can update Builder Contact

    Reply

    • Nick @ Themify
      Jun 13, 2020 @ 18:51

      We’ve extended your membership by 3 months. Please update Builder Contact as soon as possible.

      Reply

  2. Peyvand rasouli
    Jun 13, 2020 @ 17:26

    Hello. Thank you for letting us know about it
    I’m not sure if I’ve used it or not.
    Can I have an extension for 3 months to see which plug in to add . I haven’t used really any of the features of my one year membership due to an illness and it’s such a big regret. I feel back on the stage now to continue building my website. I would appreciate if you can give that bonus. I completely understand if you refuse though.

    Reply

    • Nick @ Themify
      Jun 13, 2020 @ 18:50

      We’ve extended your membership by 3 months. Please update Builder Contact as soon as possible. Again, we apologize for the inconvenience.

      Reply

      • Susan Zeegers
        Jul 23, 2020 @ 08:59

        Hi Nick, can you please tell me where to paste the Recaptcha v3 site key and secret key? I do not understand how it works in my themify shoppe theme. Where to paste and save it?

        Thank you in advance,

        Susan

        Reply

  3. Jooheon Kwak
    Jun 13, 2020 @ 17:28

    June 13, 2020
    To whom it may concern at Themify,
    I am currently using Themify Shoppe theme ver. 1.9.3 and I think the Themify Builder is already part of the service within and I didn’t need to get the Themify Builder plug-in separately.
    Builder Contact addon had been seen in the dashboard list of plugin page and then it got deleted. Ever since contact icon at builder module disappeared and I was trying to try out several contact forms such as Contact Form 7, Jetpack:contact form, Contact Form by WPForms-Drag&Drop Form Builder for WordPress, … without choosing any one at this moment.
    I purchased Single Theme for one year. I have a couple of websites for my online business now almost completed and ready for its first time launch (since Oct 2019) with Themify Shoppe theme inspired by Hogan Chua YouTube tutorials. For easement and security of operating my own website using Themify themes, would you please advise on choosing a right contact form for my websites?
    Is Builder Contact good addon despite version prior 1.4.6 may be with some security flaws?
    Thanks in advance,
    Sincerely,
    Joo Heon Kwak, dba.
    DEARJOOKWAK
    https://www.dearjookwak.com
    https://my1store2019.dearjookwak.com

    Reply

    • Nick @ Themify
      Jun 13, 2020 @ 18:49

      If you still have any old version of Builder Contact (before than v1.4.6), please either update it or delete it on your server if you are not using it. The new version is fixed. If you don’t have active membership, let us know and we will offer you a free extension.

      Reply

  4. Wilkin Beall
    Jun 13, 2020 @ 19:52

    My membership has expired. I see you are extended former subscribers’ membership to help them avoid being hacked. Could you do the same for me?
    Thanks

    Reply

    • Nick @ Themify
      Jun 14, 2020 @ 03:17

      Your membership has been extended.

      Reply

    • Jaime
      Jun 14, 2020 @ 15:27

      so question. if we are using the Themify themes and plugins, when you roll out updates to themify or builder does that update the plugins as well? or do we still have to manually redownload the plugins every so often to make sure they are updated?

      Reply

      • Nick @ Themify
        Jun 15, 2020 @ 03:15

        Only the Builder Contact addon is compromised. If you are using Themify themes/plugins, they are fine. If you are updating Builder Contact, please also update the Themify theme.

        Reply

  5. Andreas Beckmann
    Jun 13, 2020 @ 21:22

    Please update my membership so I can update Builder Contact

    Reply

  6. Rosa Ramirez
    Jun 14, 2020 @ 01:32

    I will also need the extension, please, so I am able to fix this problem.
    Thanks,
    Rosa

    Reply

  7. Ales Aliashkevich
    Jun 14, 2020 @ 03:35

    My membership has expired. Please provide a free extension, as outlined in your email.

    Reply

  8. Ar Duar
    Jun 14, 2020 @ 07:03

    thanks you for let us know ! i would like to have the extension , thanks in advance!

    Reply

  9. Sander
    Jun 14, 2020 @ 07:10

    Hy, how do I know I use builder contact?

    Reply

  10. Sander
    Jun 14, 2020 @ 07:14

    hy and then nothoing changes further on the siite?

    Reply

  11. Sander Vos
    Jun 14, 2020 @ 07:22

    I succesfully updated to 1.4.6 ; from the zipfile. How do I remove the files (older) as mentioned?

    Reply

    • Nick @ Themify
      Jun 15, 2020 @ 03:18

      How did you update it? Did you use Themify Updater? If you used Themify Updater, the old version shouldn’t remain on the server.

      Reply

      • Sander
        Jun 16, 2020 @ 05:56

        yes I used updater so should be good but see my latest: catagories now give an error when product is updated!

        Reply

  12. MARK FRANCKE
    Jun 14, 2020 @ 09:27

    the latest version on wordpress and your site is 1.4.6

    please send the link to the new version

    Reply

    • Nick @ Themify
      Jun 15, 2020 @ 03:16

      If you are using Builder Contact 1.4.6, it is fine (that is the fixed version).

      Reply

  13. Steve Ansell
    Jun 14, 2020 @ 18:01

    Please could I also have my inactive membership temporarily enabled so I can update the plugin?

    Reply

  14. David Wilder
    Jun 14, 2020 @ 20:12

    The phrasing is confusing me

    Is it 1.4.6 and prior that is bad?

    Or

    Is 1.4.6 ok. It’s everything before that’s bad?

    Reply

    • Nick @ Themify
      Jun 15, 2020 @ 03:14

      Version 1.4.6+ is ok (it is the latest version we fixed). If you are using any version below that, please update it.

      Reply

  15. Kate Verrall
    Jun 15, 2020 @ 01:30

    Could I please have an extension to update the Builder Contact addon. Thanks.

    Reply

  16. Rishabh Tank
    Jun 15, 2020 @ 04:21

    Can i have an extension so that i can update the fix?

    Reply

  17. Atmadeep Das
    Jun 15, 2020 @ 07:21

    Hello, I am using themify and it has expired, could you please upgrade my membership.

    Reply

  18. Gabriele Bassi
    Jun 15, 2020 @ 10:53

    Hi, I have installed Builder Contact v. 1.2.9.
    Please, could I have a free extension to update the addon?
    Thanks.

    Reply

  19. Lawrence Crees
    Jun 15, 2020 @ 12:42

    Hi,

    My membership has expired. Please could it be extended so I can update Builder Contact?

    Many thanks,

    Lawrence

    Reply

  20. Jay Thanki
    Jun 15, 2020 @ 15:40

    Please update my builder contact.

    Reply

  21. Simon Carline
    Jun 15, 2020 @ 16:15

    Hi, I have the Builder Contact on one of my old sites. Pleade could extend my license so I can update?

    Reply

  22. Dawn Nagata
    Jun 15, 2020 @ 18:42

    Hi could I please get the free extension to update the add-on? Many thanks for letting me know.

    Reply

    • Nick @ Themify
      Jun 18, 2020 @ 21:30

      You currently have active membership with us. You should be able to update Builder Contact with Themify Updater plugin. Please email us if you encounter any issue.

      Reply

  23. Sander
    Jun 16, 2020 @ 05:55

    Hy, after this update catagories give an error when product is updated! I need an urgent solution!

    Reply

  24. Rudy Rosen
    Jun 16, 2020 @ 10:10

    Hi,

    Could I you please update my membership so I can update Builder Contact.

    Thanks

    Reply

  25. Joseph Buhler
    Jun 16, 2020 @ 15:23

    Hi,

    Please extend the membership as mentioned.

    Thanks

    Joe

    Reply

  26. vvvvv
    Jun 17, 2020 @ 12:27

    Hello! Please update my membership so I can update Builder Contact

    Reply

  27. Samuel Strayer
    Jun 17, 2020 @ 16:31

    I have 1.4.1 on several of my sites.

    Can I get the extension to update?

    I’d be willing to upgrade to the lifetime membership if you can e-mail me the half off promo. I forgot to it a few months back when you had the sale.

    Thanks!

    Reply

  28. Ragu Nathan
    Jun 18, 2020 @ 13:37

    Please update my membership. Thank you.

    Reply

  29. Bruce Diller Verstandig
    Jun 19, 2020 @ 15:03

    Hi

    Would the vulnerability be the reason I received random one word emails from my site contact form ?

    Also is there a way to see the log of emails sent via the contact builder forms

    Thanks for being wonderful I love themify themes

    Bruce

    Reply

    • Nick @ Themify
      Jun 20, 2020 @ 00:45

      Hi,

      First of all, thanks for your support. The vulnerability allowed hackers to send spam emails using your server. If you are receiving a lot of spams from the Builder Contact, try to enable captcha on Builder Contact module options.

      Reply

  30. desmond lim
    Jun 26, 2020 @ 02:38

    How do i requested for the extension on the builder contact change please ?
    Thanks

    Reply

  31. Sudhan Wilson
    Jun 28, 2020 @ 07:19

    I am using the older version and my membership is expired could you provide me free membership of builder contact.
    Thanks

    Reply

  32. ilias lolos
    Jun 29, 2020 @ 14:58

    I have an older version 1.4.3….
    Please update my membership so I can update Builder Contact

    Reply

    • Nick @ Themify
      Jun 30, 2020 @ 03:04

      We’ve extended your membership.

      Reply

      • ilias lolos
        Jun 30, 2020 @ 09:36

        Thank you!

        Reply

  33. Kevin D. Robertson
    Jul 08, 2020 @ 22:14

    I have builder contact Version 1.2.9 installed on AmendInitiative.org site. It is full of spam submissions.
    1. Do I need to delete plugin?
    2. Do I delete spam (77,000 submissions)? If yes, how do I delete/trash all 77,000 in bulk?
    3. I have added the ReCaptcha settings just now (were not added before).
    4. my contact form just displays error messages when I attempt to test

    Please help,

    Thanks,
    Kevin

    Reply

    • Nick @ Themify
      Jul 09, 2020 @ 02:06

      Hi Kevin,

      Sorry to hear about the problem. If you are getting a lot of spam mails in your inbox, it shouldn’t be related to this vulnerability. This vulnerability is another way around, hackers can use use your mail server to send out spam mails to other recipients.

      Here are our suggestions:
      – Update Builder Contact to the latest version immediately.
      – Enable Captcha option in Builder Contact

      Reply

Reply