AV WebWorks
Forum Replies Created
Forum: Plugins
In reply to: [WooCommerce] New add to cart + variation images
Here’s the video: https://av-webworks.io/wp-content/uploads/sites/3/2025/09/obs.mp4
I get site scan reports from the Solid Security plugin – they email if they find issues. The emails include links to Patchstack.
Looking closer at Patchstack, they link to the CVEs @dbuffault mentioned in their OP.
I’ve been getting the same message from Solid Security scans:
WordPress Countdown & Clock plugin <= 2.9.4 – Cross Site Scripting (XSS) vulnerability
WordPress Countdown & Clock plugin <= 2.9.4 – Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
WordPress Countdown & Clock plugin <= 2.9.4 – Pro Features Lock Bypass vulnerability
WordPress Countdown & Clock plugin <= 2.9.4 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability
I’m having the same fits.
I click on the button to allow the plugin to send via Google, select the desired Google account, bypass security warning (app’s not verified but it’s mine so meh), then get to the Confirm your choices dialog (You already gave access to…Make sure you trust [website], etc) and when I click Allow, I get the 403/forbidden error.
I’m a reseller/webmaster with the exact same setup running on near a dozen sites (multi-sites and regular setups) with no problem. The only difference with this one is that there’s a WP installation in the web root (plugin’s working fine) and the problematic site is in a sub-directory with its own WP installation. All the directory/file permissions are 755/644 and there’s nothing in any of the htaccess files except the default WordPress rules.
Any ideas?
Everything seems to have worked out again with the fresh install so it might have just been something going screwy in my setup. If it goes out again, I’ll see what, if anything, the debug tells me. Thanks. 🙂
That didn’t seem to do much good, either. I’m going to start a fresh network and see what happens. If it works, we’ll know it was something that went screwy in my settings. I’ll post again when I finish. 🙂
I have:
– Deactivated the firewall
– Deactivated/reactivated the scanner
– Deleted the firewall
– Deactivated/reactivated the scanner
– Deleted/reinstalled the scanner
– Deactivated all my other plugins, save one to enable updates over SSH
– Deactivated/reactivated the scanner
– Deleted/reinstalled the scanner (again)
I still haven’t gotten a menu option for the scanner and when I click on settings from the list of plugins, I get the same message saying I can’t access that page.
The network is mostly inactive, just parked coming soon pages until I get around to uploading/updating all my old content. I only write on one site at the moment and it’s been a little while since I had time to do that.
There are no other users and there’s nothing that I can think of that’d interfere with user roles but just in case I’m missing something, here’s a list:
Akismet
BackWPup
Classic Editor
Cloudflare
Coming Soon/Maintenance (SeedProd)
Contact Form 7
InfiniteWP
iThemes Security
StatCounter Plugin
SSH SFTP Updater Support
TinyMCE
Yubikey 2FA
Mail SMTP
Super Cache
I personally haven’t made any major changes since adding the firewall+scanner but I’ve been keeping everything up-to-date. Yubikey and SMTP -may- have been added after the firewall/scanner but everything else was set up before.
It was fine when I first set up – the integration was as it should be – but when I went in the other night to look over the firewall/scanner settings, I couldn’t get to the scanner. (I’m working to set them up on clients’ websites now, which is how I stumbled across this little conundrum.)
- This reply was modified 7 years ago by AV WebWorks.
Forum: Plugins
In reply to: [BackWPup – WordPress Backup & Restore Plugin] Stylesheet
I’m not entirely sure how, but I managed to get it to go away at long last. 🙂 I think something in the settings needed to be flushed/reset.
Forum: Plugins
In reply to: [BackWPup – WordPress Backup & Restore Plugin] Stylesheet
I’m working on another client’s website now and the plugin seems to be working as it should – no links to the stylesheet on the front end, just in the admin area. And the link is HTTPS. Any ideas what would cause it to mess up on one website and not the other?
- This reply was modified 7 years, 10 months ago by AV WebWorks.
Forum: Plugins
In reply to: [BackWPup – WordPress Backup & Restore Plugin] Stylesheet
The URLs are set to HTTPS. And you can go to https://bmmbproductions.com, view the source, and see two things:
– The only http:// showing on the page is the link to the stylesheet
– It is, in fact, called on pages that are not in the admin area. Checks of the other pages’ source code will show the same.
(https://bmmbproductions.com/media/uploads/2018/07/source.png to see the source code in question)
As far as the admin area goes, it is also linked to there – on the Dashboard, for instance – and is one of three occurrences where http:// pops up (the other two being links to W3 in the doctype declarations). And when I say the admin area, I mean pages that aren’t even associated with BWPUp. I don’t know if you can limit it to JUST being called on BWPUp’s pages but if it can be done, it certainly should. At the very least, it should be HTTPS.
- This reply was modified 7 years, 10 months ago by AV WebWorks.
Forum: Plugins
In reply to: [Mooberry Book Manager] Imports not working?
It’s not doing anything, really. I select the file, hit import, the spinner icon pops up in the browser tab, the status bar flicks through the connecting/waiting bits, the page seems to reload, then nothing. There is no error, no list of books, nothing.
Sending the email now.
Seems as though the thorn in my side on the problematic site is Block Bad Queries, in case anyone else is using it as well. I’m still not sure why there isn’t a clash on the other sites but perhaps it’ll help in the troubleshooting.
The update via FTP didn’t work for that particular site.
Skipping ahead to a new website, new setup, (same server and setup process) it worked as it should – runs jobs fine.
I don’t believe there is anything in the troubled site that is any different from the rest I’ve done so I’m not sure why it would work on all the others. Any ideas?
I’m a budding hosting reseller and I’ve been doing site upgrades for the last few days. This plugin has made it onto my list of must-haves for my clients (and me as their admin). Starting on fresh WordPress setups, I’ve added the plugin via search and install in WordPress itself since I started. With a quick look, it looks as though 3.0.8 is installed, and running as it should, on a number of my sites.
The eighth setup (begun about 12-13 hours ago now, actually) is throwing the 403 error same as everyone else. Because the setup was fresh, I had no problems switching databases to try again – with the same result. I tried rolling back to the version before 3.0.8 via FTP but, when I did I bumped into another problem: On clicking ‘run’ it would say something along the lines of ‘job started,’ then nothing else.
I don’t think I’d tried to upload 3.0.8 via FTP but that’s running now, just in case it will help. I’ll post again once it’s done and I’ve had time to test.