Wix is an online platform for building your website and getting a free start on your business at the basic level.
In the top tier (having paid for Wix), you can get many more features and a brilliant working website.
At least, that was the thought.
Recently, Wix has come under fire by many people in the community who use the editor to make their online livelihood a reality.
So the reports go, the integrity of the user’s security has been called into question.
Like something right out of a hacker flick, users were getting an annoying quantity of emails from an address by the name of “messwiththebest.boi”.
These were no handfuls of emails either. They were coming in the tens if not hundreds of thousands.
User AxxiosGrey added screenshots for us to use concerning this matter and depicts the process of his website going down due to Wix’s security debacle.
The “Mess With the Best” emails were telling the user that there were hacking attempts made against their domain.
As can be seen in the screenshot, these hacking attempts were beginning to flood in before the site was even made live.
Eventually, Wix made contact with AxxiosGrey and let him know that the website was removed due to security concerns.
“Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user’s websites.
Cloud-based web host Wix.com is vulnerable to a DOM-based cross-site scripting vulnerability that can give attackers control over any of the millions of websites hosted on the platform.
Austin said Wednesday the vulnerability was still unpatched despite repeated attempts to warn and notify Wix.com since early October. On Thursday Wix.com representatives sent Threatpost a brief statement stating the problem has been solved.
“We take the security of our customers very seriously. After thorough examination we can state that the issue has been addressed. We do operate a formal bug bounty program and are taking steps to widen the community,” said Matt Rosenberg, Wix.com spokesperson. According to Wix.com’s own estimates, there are 86 million users of its platform.”
While confirmation of this issue being fixed has floated around for a long time, the issue is still being widely reported.
ZDNet wrote an article on May 2nd of this year detailing that the same kind of attack is being used against Wix as well as a few other DOM and Cloud Managed Web Hosts up to and including Shopify, Weebly, SquareSpace, Magneto and OpenCart (including other sites that run off of its technology.)
With Wix being by far the easiest and largest editor in the modern market, these concerns are shared among 137 Million users, according to Wix themselves.