Gold Penguin Logo with Text

Urgent Security Update Released for OxyExtras WordPress Plugin

A security vulnerability was discovered in the popular OxyExtras plugin for WordPress's Oxygen page builder, prompting the release of versions 1.4.4 and 1.4.5 to patch the issue, with users urged to update immediately and take precautionary measures to secure their sites.
Updated March 14, 2024

A critical security vulnerability has been discovered in the popular OxyExtras plugin for WordPress's Oxygen page builder. The OxyExtras development team released versions 1.4.4 and 1.4.5 in quick succession yesterday to patch the security hole. They are urging all users to update to the latest version 1.4.5 immediately.

Details on the exact nature of the vulnerability are sparse at this time. When asked, the plugin author stated "Can't reveal at this time. Nothing to be concerned about. Make sure you are using the latest version of the plugin."

However, reports from users in the Oxygen Facebook community indicate the exploit may allow hackers to create rogue admin accounts on WordPress sites running vulnerable versions of OxyExtras. One site owner reported finding an unauthorized admin account with the email address "" and username referencing "James Rollner" added to his site. It's unclear if this is directly related to the OxyExtras vulnerability.

Out of an abundance of caution, we recommend all OxyExtras users take the following steps immediately:

  1. Update OxyExtras to version 1.4.5. You can update from your WordPress plugins page or download the latest version from the OxyExtras website.
  2. Review all user accounts on your WordPress site, especially any Administrator-level accounts. Delete any unauthorized or suspicious accounts.
  3. Change passwords for all legitimate admin accounts.
  4. Run a malware/security scan on your WordPress files to check for any injected malicious code.
  5. Monitor your site closely over the coming days for any unusual activity.

The OxyExtras team pushed out versions 1.4.4 and 1.4.5 very quickly to close the security hole. However, the previous version, 1.4.3, hadn't been updated since May 2022. It's possible this vulnerability existed for some time before being discovered and patched.

If you have any problems updating or concerns that your site may have been compromised, contact the OxyExtras support team for assistance. We will continue monitoring the situation and providing updates as more details emerge about the scope and impact of this security issue.

Want To Learn Even More?
If you enjoyed this article, subscribe to our free monthly newsletter
where we share tips & tricks on how to use tech & AI to grow and optimize your business, career, and life.
Reading Time: 2 minutes
Written by Justin Gluska
Justin is the founder of Gold Penguin, a business technology blog that helps people start, grow, and scale their business using AI. The world is changing and he believes it's best to make use of the new technology that is starting to change the world. If it can help you make more money or save you time, he'll write about it!
Notify of

Inline Feedbacks
View all comments
Join Our Newsletter!
If you enjoyed this article, subscribe to our newsletter where we share tips & tricks on how to make use of some incredible AI tools that you can use to grow and optimize a business