Andyt8
Forum Replies Created
-
Forum: Plugins
In reply to: [Wikipedia Preview] Broken Access Control VulnerabiliyHi @hueitan, thank you for the response. I’m able to confirm, the latest version don’t show any security messages from our WordPress Security plugin. Thank you for the fix.
best regards, Andyt
Forum: Plugins
In reply to: [Wikipedia Preview] Broken Access Control VulnerabiliyHello, thank you for the information. Were you able to contact Patchstack? They may have more in-depth information. Perhaps there is much more to it than what is publicly available.
Forum: Plugins
In reply to: [Statify Widget] Cross Site Scripting (XSS) vulnerabilityHello Finn,
I’m able to confirm, the issue was closed, because the WordPress Security plugin don’t report something about the plugin. Thanks for the help.
best regards
Forum: Plugins
In reply to: [Wikipedia Preview] Broken Access Control VulnerabiliyHello,
Thank you for your response. I don’t know the original source. My security plugin read several public sources and is still reporting that. It looks like it should be something about “Broken Access Control”. Sorry, I found no links until now.
I found several websites explaining Broken Access Control for different plugins – maybe that is a general problem? However, nothing about Wikipedia Preview Plugin execpt of my plugin (Defender Pro) with CVSS 6.5, which is too much to ignore it.
By the way, there was also a report for another plugin and the developer answered a quick faster. There was the same. No information for the developer – really strange process.
According to the website (developer from security plugin), it should be Patchstack. With that, I found https://patchstack.com/database/wordpress/plugin/wikipedia-preview/vulnerability/wordpress-wikipedia-preview-plugin-1-15-0-broken-access-control-vulnerability
Hopefully it helps?
best regards, Andyt
Forum: Plugins
In reply to: [Statify Widget] Cross Site Scripting (XSS) vulnerability…by the way, I wonder, because no one did inform you – the developer… – really strange process. Therefore I thought, the active support was stopped, because no reaction after several days / one week and so on.
Forum: Plugins
In reply to: [Statify Widget] Cross Site Scripting (XSS) vulnerabilityHello Finn,
Thank you for your fast response. I don’t know the original source. My security plugin read several sources. However, I found the following:
-) https://wpscan.com/vulnerability/c9fe39c5-ec0f-490b-8ceb-45fd47b8f772/
Hopefully that is a help for you?
best regards, Andyt
Forum: Plugins
In reply to: [Object Cache 4 everyone] Multiple WordPress on one serverThere were no response. I changed to something other. Don’t know more information if the plugin will do it or not… I had problems if there are severals WordPress on the same Server/PHP setup.
Forum: Plugins
In reply to: [Extensions for Leaflet Map] Fehler mit Kontrollfeld, DSVGO HinweisDanke für die schnelle Rückmeldung.
Ich bin gezwungen ein Cache-Plugin zu nutzen. Sonst dauert das Darstellen viel zu lange. vServer ist bei CPU begrenzt. WP Fastest Cache und Hummingbird scheinen grundlegend mit Leaflet zu arbeiten. Letzterer erkennt sogar automatisch, dass drei js-Dateien ausgeschlossen sein müssen. Nur mit diesen erscheint das Phänomen nicht. Die ausgeschlossenen Dateien lauten gestures_leaflet.js, elevation_js.js und leaflet-gpxgroup.min.js. Habe aber weitere hinzugefügt.
Bei memache, was bei Webseiten-Zustand angeführt wird, ist das wieder anders. Da werden php-code und Datenbankabfragen zwischengespeichert. Ich kann da leider nichts ausklammern. Es scheint, die erste Abfrage bewirkt, wie später die Antworten für alle anderen Abfragen aussehen. Wurde DSVGO noch nicht bestätigt, dann bleibt das auch so. Egal wie oft man dann darauf klickt. Wurde dies bestätigt, dann ist das für alle anderen ebenso. Die sehen dann eine leere Stelle wo die DSVGO-Abfrage bzw. die Leaflet-Map sein sollte.
Das wird vermutlich für das Kontrollfeld ähnlich sein. Wobei mir noch unklar ist, wie hier die Logik ist.
PS.: die Angelegenheit mit memache und DSVGO werde ich später bei Github übertragen.
Forum: Plugins
In reply to: [Extensions for Leaflet Map] Fehler mit Kontrollfeld, DSVGO HinweisKleiner Zusatz: Ich weiß nun was mit Kontrollfeld gemeint wird. Dies liegt ebenso an memcache. Sobald dies für WordPress aktiviert wird (so wie es empfohlen wird), hat Leaflet ein Problem bei der Darstellung und Nutzung. Nicht nur die DSVGO-Erweiterung wird davon negativ beeinflusst. Es scheint, es betrifft weitere Komponenten.
Neben memcache wird noch eine Asset-Optimierung und Caching genutzt. Beide letztere mithilfe dem Plugin Hummingbird. Da ist es aber auch egal ob beide letztere genutzt werden.
- WordPress 6.3.1
- Memcached backend for the WP Object Cache 4.0.0
- Memcached Server Version 1.6.9
- Debian + Apache + PHP 8.1
Forum: Plugins
In reply to: [Leaflet Map] RSS-Feed and Leaflet Mapjust one mistake from my last post…
According to a request for a different plugin for the same function, the plugin should now it is rendering for RSS Feed and show only a message.
It should be “know” and not “now”.
Maybe I start to add a manual message after the Leaflet Map… if an automatic function will be not possible.
By the way, RSS technology is the best to stay informed for many sources at one place. Therefore, I still use a Web-RSS-Reader and get infos from over 250 sources.
There would be another way for such situation (user use RSS-Feed on my website and get a new article with Leaflet Map, which will not be shown on RSS Feed). I’m able to disable full-text rss-feed, but I don’t like that by my own for other RSS Feeds – so I still want to give others the full version.
Forum: Plugins
In reply to: [WP-Print] Shariff Wrapper and print pageAt the moment, I disabled the plugin for testing some other stuff. Therefore, I mark the problem as resolved. I will response, if I return to the plugin.
Forum: Plugins
In reply to: [WP-Print] Shariff Wrapper and print pageHi, the situation with Shariff Wrapper is solved. At the moment, there are still missing pictures.
regards, Andyt
Forum: Plugins
In reply to: [Leaflet Map] RSS-Feed and Leaflet MapHello, thank you for your response. Some of the previous used plugin did and some not. The simple way would be a notice, that the whole post show a map or similar. According to a request for a different plugin for the same function, the plugin should now it is rendering for RSS Feed and show only a message.
Danke für die Information bzgl. dem Kontrollfeld. Das schaue ich mir an. Wurde das normale oder dunkle Design genutzt… ?
Forum: Plugins
In reply to: [Wikipedia Preview] Use only for search, no link previewHi,
Now it is possible for me to show the different representation. The link to Leaflet was created with the plugin “Wikipedia Preview”. Two changes to the other links are immediately noticeable. First, they are missing the nice icon behind the link and second, this is underlined separately.
My question now would be, can I fix this somehow, that this looks like the other links?
For the first problem, the plugin doesn’t seem to create a proper link. I also miss the preview when I move the mouse over the link. Usually I see in the web browser where the link goes.
Example: https://blackseals.net/blog/2023/09/07/umstieg-auf-leaflet-fuer-openstreetmap/
Forum: Plugins
In reply to: [Wikipedia Preview] Use only for search, no link previewHi WMF team, thank you for your response. I’m fine with 1st concern, if the 2nd issue is working fine. I will follow your link and check the status every week (or month).
edit: if you have something to test, you are welcome. Please for information.
best regards, Andyt
- This reply was modified 2 years, 9 months ago by Andyt8. Reason: correction and adding edit request/info