![Elementor Pro | WordPress Websites Builder [Premium]](/data/resource_icons/0/108.jpg?1527938001){kind=icon}
Elementor Pro | WordPress Websites Builder [Premium] v3.28.3 Nulled
- Thread starter MrSam_1
- Start date
-
Welcome to Original Babiato! All Resource are Free and No downloading Limit.. Join Our Official Telegram Channel For updates Bypass All the resource restrictions/Password/Key? Read here! Read Before submitting Resource Read here! Support Our Work By Donating Click here!
donaconda
Active member
- May 2, 2022
- 120
- 171
- 43
As long you use the previous released Free version from here and do not update the Free version from within WordPress. Wait until someone nulls the latest Free version and shares it here.
Ppppppp0
Member
- Apr 5, 2020
- 58
- 20
- 8
donaconda
Active member
- May 2, 2022
- 120
- 171
- 43
Possibly because the free version runs also some checks in conjunction with the pro version. Not sure exactly.
DCDev
Active member
- Apr 14, 2021
- 108
- 101
- 43
@bobsmith & @Tomz not sure if this is something to worry about but found this in the elementor-pro-php file in v3.7.7
What concerns me is the section ' $response = wp_remote_get( "http://wordpressnull.org/elementor/templates/{$parsed_args['body']['id']}.json", [ 'sslverify' => false, 'timeout' => 25 ] );'
Looking at a search result for that domain it gives me this:
Премиум темы и плагины WordPress
We would like to show you a description here but the site won't allow us.
I would double check if their is any other scripts lingering in the files. This to me looks like a backdoor
.
Please do ignore this if its normal. I will remove it from my version. If I find any others I will share just in case.
Just to add - This was checked against v3.7.6 that was uploaded on here.
Code:
add_action( 'init', function() {
add_filter( 'pre_http_request', function( $pre, $parsed_args, $url ) {
if ( strpos( $url, 'my.elementor.com/api/v1/licenses' ) !== false ) {
return [
'response' => [ 'code' => 200, 'message' => 'ÎÊ' ],
'body' => json_encode( [ 'license' => 'valid', 'expires' => '01.01.2030' ] )
];
} elseif ( strpos( $url, 'my.elementor.com/api/connect/v1/library/get_template_content' ) !== false ) {
$response = wp_remote_get( "http://wordpressnull.org/elementor/templates/{$parsed_args['body']['id']}.json", [ 'sslverify' => false, 'timeout' => 25 ] );
if ( wp_remote_retrieve_response_code( $response ) == 200 ) {
return $response;
} else {
return false;
}
} else {
return false;
}
}, 10, 3 );
} );What concerns me is the section ' $response = wp_remote_get( "http://wordpressnull.org/elementor/templates/{$parsed_args['body']['id']}.json", [ 'sslverify' => false, 'timeout' => 25 ] );'
Looking at a search result for that domain it gives me this:
Премиум темы и плагины WordPress
We would like to show you a description here but the site won't allow us.
I would double check if their is any other scripts lingering in the files. This to me looks like a backdoor
.Please do ignore this if its normal. I will remove it from my version. If I find any others I will share just in case
.Just to add - This was checked against v3.7.6 that was uploaded on here.
DCDev
Active member
- Apr 14, 2021
- 108
- 101
- 43
Hi @bobsmith & @Tomz I was going to edit my last post but thought this is more a licence issue.
I found another file that differs to v.3.7.6 when checking for licence. admin.php in v.3.7.7 still has API calls to check if licence is active like this:
Just one of many API calls. As before please do ignore if this is normal guys. Just trying to help out.
I found another file that differs to v.3.7.6 when checking for licence. admin.php in v.3.7.7 still has API calls to check if licence is active like this:
Code:
<?php // Fake link to make the user think something is going on. In fact, every refresh of this page will re-check the license status. ?>
<a class="button" href="<?php echo esc_url( static::get_url() . '&check-license=1' ); ?>">
<i class="eicon-sync"></i>
<?php echo esc_html__( 'Check license status', 'elementor-pro' ); ?>
</a>Just one of many API calls. As before please do ignore if this is normal guys. Just trying to help out
.
donaconda
Active member
- May 2, 2022
- 120
- 171
- 43
Looks concerning to me also, especially since I upgraded to 3.7.7 and my plugin panel still says I need an upgrade.Hi @bobsmith & @Tomz I was going to edit my last post but thought this is more a licence issue.
I found another file that differs to v.3.7.6 when checking for licence. admin.php in v.3.7.7 still has API calls to check if licence is active like this:
Code:<?php // Fake link to make the user think something is going on. In fact, every refresh of this page will re-check the license status. ?> <a class="button" href="<?php echo esc_url( static::get_url() . '&check-license=1' ); ?>"> <i class="eicon-sync"></i> <?php echo esc_html__( 'Check license status', 'elementor-pro' ); ?> </a>
Just one of many API calls. As before please do ignore if this is normal guys. Just trying to help out
DCDev
Active member
- Apr 14, 2021
- 108
- 101
- 43
I wouldn't update elemntor pro or free until bobsmith and Tomz have investigated or come back with everything is ok with the finding I have come across.
I will update my previous posts if I find any other suspicious scripts that are not in v3.7.6. Or any other version prior to v3.7.7.
I will update my previous posts if I find any other suspicious scripts that are not in v3.7.6. Or any other version prior to v3.7.7.
DCDev
Active member
- Apr 14, 2021
- 108
- 101
- 43
Downgrade for now. I have checked v3.7.6 and everything looks good on there. You can do this through WordPress itself by uploading the plugin manually. This will remove all data from the previous plugin. If you have FTP access you can rename the v3.7.7 to another name and then upload the old one if easier. Either way make sure you have a backup of your site.
Also do a check for any malware or scripts that may have infected your WordPress platform by using Anti-Malware Security and Brute-Force Firewall by Eli Scheetz. Really good plugin and its free. It probably wont flag anything but always good to check for other issues that might be lingering else where.
I always have a staging/development site and upload there. Never do it on a server, always do it locally on your PC. WPLocal is a really good tool to use and is quick to setup. No need to worry about creating databases etc. Use Duplicate or Updraft to copy your live to local. Works flawlessly. Doing this will prevent any worry with the live.
Last resort would be to buy a licenced version and share on here and let the nulling masters do their magic for us. Both ways you don't feel guilty contributing to the original developer
.
donaconda
Active member
- May 2, 2022
- 120
- 171
- 43
Thank you! You may have saved many users here a massive headache, including me. Greatly appreciated.Downgrade for now. I have checked v3.7.6 and everything looks good on there. You can do this through WordPress itself by uploading the plugin manually. This will remove all data from the previous plugin. If you have FTP access you can rename the v3.7.7 to another name and then upload the old one if easier. Either way make sure you have a backup of your site.
Also do a check for any malware or scripts that may have infected your WordPress platform by using Anti-Malware Security and Brute-Force Firewall by Eli Scheetz. Really good plugin and its free. It probably wont flag anything but always good to check for other issues that might be lingering else where.
I always have a staging/development site and upload there. Never do it on a server, always do it locally on your PC. WPLocal is a really good tool to use and is quick to setup. No need to worry about creating databases etc. Use Duplicate or Updraft to copy your live to local. Works flawlessly. Doing this will prevent any worry with the live.
Last resort would be to buy a licenced version and share on here and let the nulling masters do their magic for us. Both ways you don't feel guilty contributing to the original developer
donaconda
Active member
- May 2, 2022
- 120
- 171
- 43
I have upgraded a legally purchased version from within my client dashboard. Attached is a fresh copy of both the Free and Pro version. I have attached a screenshot of the successful update performed on my clients dashboard.
Hopefully a talented Nuller can do their magic.
Hopefully a talented Nuller can do their magic.
Last edited:
sideloading
New member
- Jun 30, 2022
- 17
- 6
- 3
How do I download the specific 3.7.6 nulled from Babiato?Downgrade for now. I have checked v3.7.6 and everything looks good on there. You can do this through WordPress itself by uploading the plugin manually. This will remove all data from the previous plugin. If you have FTP access you can rename the v3.7.7 to another name and then upload the old one if easier. Either way make sure you have a backup of your site.
Also do a check for any malware or scripts that may have infected your WordPress platform by using Anti-Malware Security and Brute-Force Firewall by Eli Scheetz. Really good plugin and its free. It probably wont flag anything but always good to check for other issues that might be lingering else where.
I always have a staging/development site and upload there. Never do it on a server, always do it locally on your PC. WPLocal is a really good tool to use and is quick to setup. No need to worry about creating databases etc. Use Duplicate or Updraft to copy your live to local. Works flawlessly. Doing this will prevent any worry with the live.
Last resort would be to buy a licenced version and share on here and let the nulling masters do their magic for us. Both ways you don't feel guilty contributing to the original developer
venurao
Active member
- May 7, 2022
- 108
- 53
- 28
encarta
Member
- Dec 28, 2018
- 54
- 21
- 8
for test install elementor from wp library and install elementor pro 3.7.7 from this post and check to import blocks and kit in test page . this code added to import kits form http/wordpressnull.org/elementor/templates/ and in place of templates folder in free version in past.@bobsmith & @Tomz not sure if this is something to worry about but found this in the elementor-pro-php file in v3.7.7
Code:add_action( 'init', function() { add_filter( 'pre_http_request', function( $pre, $parsed_args, $url ) { if ( strpos( $url, 'my.elementor.com/api/v1/licenses' ) !== false ) { return [ 'response' => [ 'code' => 200, 'message' => 'ÎÊ' ], 'body' => json_encode( [ 'license' => 'valid', 'expires' => '01.01.2030' ] ) ]; } elseif ( strpos( $url, 'my.elementor.com/api/connect/v1/library/get_template_content' ) !== false ) { $response = wp_remote_get( "http://wordpressnull.org/elementor/templates/{$parsed_args['body']['id']}.json", [ 'sslverify' => false, 'timeout' => 25 ] ); if ( wp_remote_retrieve_response_code( $response ) == 200 ) { return $response; } else { return false; } } else { return false; } }, 10, 3 ); } );
What concerns me is the section ' $response = wp_remote_get( "http:/wordpressnull.org/elementor/templates/{$parsed_args['body']['id']}.json", [ 'sslverify' => false, 'timeout' => 25 ] );'
Looking at a search result for that domain it gives me this:
Премиум темы и плагины WordPress
We would like to show you a description here but the site won't allow us.
I would double check if their is any other scripts lingering in the files. This to me looks like a backdoor
Please do ignore this if its normal. I will remove it from my version. If I find any others I will share just in case
Just to add - This was checked against v3.7.6 that was uploaded on here.
in older nulled version added templates folder for kits and blocks but in last version In another way and add to pro version by this code.
you can add templates folder on your own host and add link in this code to read form that.
http://your domain/templates/
by this method templates and blocks import without any error
thanks
secure.directive
Active member
- May 2, 2022
- 100
- 70
- 43
Templates were removed because of their size -> 800 mb + ( Read posts starting from 234 +++)
You will find the actual templates in the history tab -> Aug 3, 2022. You can easily create your own host and replace the above code / url as mentioned. The above is not a hack, but more a covenient solution for those that dont know how.
Cheers
You will find the actual templates in the history tab -> Aug 3, 2022. You can easily create your own host and replace the above code / url as mentioned. The above is not a hack, but more a covenient solution for those that dont know how.
Cheers
DCDev
Active member
- Apr 14, 2021
- 108
- 101
- 43
I don't feel this is
That is my fault. Luckily it's nothing to worry about and as you say you can use your own domain to host the templates.
This makes more sense now. My findings where a concern as I didn't go as far back as to why it was implemented.
That is my fault. Luckily it's nothing to worry about and as you say you can use your own domain to host the templates.
xbiggyl2
New member
- May 4, 2022
- 12
- 3
- 3
Thanks for your input, but I have one concern.
I checked v3.7.6 and that code does not exist, even though templates are removed in that version as well.
Like you said, maybe it was just added in the 3.7.7 for convenience, but did you or anyone import that code and check it?
A malicious injection could cause real headache for many, even if it is being used on a testing site—unless you are sandboxed or know what you are doing.
Anyway, as it has been said many times on here, nulled versions should only be used for testing these plugins. For production sites always buy the official version.
Similar threads
