anotherdave
Forum Replies Created
Please ignore my previous post. I found that AngellEye has an updater plugin to update their PayPal plugin / fix the PHP 8.x code issue. I would post the link, but I don’t think that’s allowed, and it’s easy enough to find on their website.
@delaner – If you don’t mind sharing, did you ever get a response from Angell Eye? Were they able to provide either a patched version, or perhaps some code lines to change?
Thanks very much for any update you’d be willing to share.
Thank you for the reply. Yes, I do see on Patchstack that it’s low severity. I’ll tell my clients not to worry and that an update is in the works.
Kudos for the excellent support you provide here on the boards! I see that you are very responsive to user questions, which is really great.
I can confirm that the issue is still happening as of even just a few minutes ago.
Additionally, on many sites the Security > Dashboard (e.g. https://www.example.com/wp-admin/admin.php?page=itsec-dashboard) now just loads a blank page.
All of the other functions, such as Security > Settings etc… all display their respective pages correctly, but the Security Dashboard just shows a blank page.
I manage hundreds of sites and this just started happening with the latest update. Tested with Solid Security Pro 8.4.0
While I can’t speak on behalf of the OP, this should probably be marked as Resolved since the new POWR version 2.2.1 fixes the issue.
Good to see 2.2.1 is now in the repository and scans clean now. Thanks devs.
That is a bit confusing, since the version at https://ww.wp.xz.cn/plugins/powr-pack/ is still 2.1.0 and there appears to be no 2.2.1 update available at https://ww.wp.xz.cn/plugins/powr-pack/ nor with the WordPress Dashboard > Plugins section of websites running 2.1.0
Is 2.2.1 only available via special means?
This is still an issue and being reported in email alerts from Solid Security (formerly iThemes Security) twice a day for some time now. I hope that @powr will please take a look at this. It’s never fun to tell a client that they need to find a replacement plugin for one that they have relied on for so long.
Forum: Plugins
In reply to: [Futurio Extra] Security Threat Cross Site Forgery Request per iThemes
I was watching for 1.8.3 to be released also, as I could see it in their development log at https://plugins.trac.ww.wp.xz.cn/log/futurio-extra/ , but iThemes Security and PatchStack are both reporting 1.8.3 as still having the CSRF.
I’m hoping that this is just a misnomer – https://patchstack.com/database/vulnerability/futurio-extra/wordpress-futurio-extra-plugin-1-8-2-cross-site-request-forgery-csrf – but yeah, as long as it’s listed there then iThemes just keeps on sending me the email alerts about it.
Thanks so much for the update and releasing the patch. On August 7th iThemes finally stopped the warnings and marked the plugin as clean.
I must admit, it seems a bit ironic that iThemes Security basically promotes / is part of this plugin – https://help.ithemes.com/hc/en-us/categories/360004039733-Restrict-Content-Pro – and yet iThemes Security itself is still sending email alerts from its scans twice a day that this is Reflected XSS Vulnerable.
@reedyseth thanks for the response. We’re looking forward to the update and the security alert notices to stop.
Forum: Plugins
In reply to: [Easy Appointments] Version 3.11.9 CSRF detected
Hi Nikola,
I’m sure you are extremely busy and I know these things take time, but was just wondering if there’s possibly an ETA on update for this maybe?
Thank you.
Forum: Plugins
In reply to: [Easy Appointments] Version 3.11.9 CSRF detected
Thanks for the quick response! I could see the rank of “medium” with 4.3 score and no exploits known, so obviously nothing to panic over, but really great to know you’ll be releasing a patch since I have a client who uses your plugin a lot.
Cheers,
Dave
Forum: Plugins
In reply to: [OoohBoi Steroids for Elementor] Security vulnerability
@ooohboi – You might find this helpful – https://wpscan.com/vulnerability/ac74df9a-6fbf-4411-a501-97eba1ad1895
Says current version 2.1.4 and lower are vulnerable and shows proof of concept code.