bcolflesh
Forum Replies Created
What’s the status of this vulnerability? It’s already been a day.
I got this again today for a time. You need to (1) fix the message encoding so the HTML is not displayed, or change to plain text, and (2) probably update the wording and explain exactly what is happening – i.e., API cannot be reached, network issue, etc.
This just appeared again – what triggers this message? Brightcove API endpoint being unreachable?
This hasn’t popped up today at all, so I assume whatever it was connecting to is working again.
It looks like one or more of your accounts API authentication has changed recently. Please update your settings <a href="https://mydomain.com/wp-admin/admin.php?page=brightcove-sources"><strong>here</strong></a>. Or click <a href="https://mydomain.com/wp-admin/admin.php?page=brightcove-sources&bc_refresh=1&nonce=%5Bmynonce%5D"><strong>here</strong></a> to try again.
Same here, not good.
Well, it’s definitely not resolved, as you cannot remove Zip AI from your plugin, which makes no sense.
You just released a plugin update and removing Zip AI completely is not included.
Forum: Fixing WordPress
In reply to: img decoding="async"
Thanks for the explanation – I see the latest 6.4 update has not gone well on various forums for other reasons and I’m sure this is a small issue/workaround in comparison.
Forum: Fixing WordPress
In reply to: img decoding="async"
I refactored that section of my plugin quick to use single instead of double quotes on the JavaScript injected img tag, but man, it doesn’t seem smart at all to do this – what are people with plugins they didn’t make and no expertise/support going to do when this breaks their site?
Forum: Plugins
In reply to: [Read More & Accordion] Vulnerable Plugin: expand-maker (version 3.2.2)
If you click on the original reporting link there:
https://wpscan.com/vulnerability/1e733ccf-8026-4831-9863-e505c2aecba6
“The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.”
You have to sanitize input to prevent PHP Object Injection.
If you email [email protected] maybe they can put you in touch with Dao Xuan Hieu before he publishes the PoC on Saturday.
Forum: Plugins
In reply to: [Read More & Accordion] Vulnerable Plugin: expand-maker (version 3.2.2)
The link explains exactly what is wrong. They are trying to help you by not disclosing the exact code – they must have been contacting you, trying to get you to fix this.
You need to fix this ASAP before you are removed from the plugin repo.
Forum: Plugins
In reply to: [Read More & Accordion] Vulnerable Plugin: expand-maker (version 3.2.2)
You don’t know, but the largest WordPress threat company on Earth does – that’s not good:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/expand-maker/read-more-accordion-322-authenticated-administrator-php-object-injection
Forum: Plugins
In reply to: [Redis Object Cache] Fatal Error after update to 2.3.0
LOL, I saw the update notification and came here to see how many people got hosed before I made myself the guinea pig – maybe I’ll wait until tomorrow for the 2.3.x update(s).
Forum: Plugins
In reply to: [Print Invoice & Delivery Notes for WooCommerce] CSS Vulnerability
Wordfence tagged everyone using this plugin and said to deactivate and delete ASAP yesterday – can we get an update?