Vytis
Forum Replies Created
Hi @coralbeauty, @24killen,
Thank you for reporting the issue. We fixed it with the latest update, make sure to update to the latest version 2.7.4 and let us know if you experience any other issues.

Hi @welswebmaster,
Thank you for reporting this. Could you please check if version 5.1.5 is fixing this as expected?
Let us know if you still encounter this problem with the latest version.
Thanks!

Hi @scribelle, @krautwissen,
We made a release where this issue is patched, please update theme to latest version 4.2.3 and you should no longer encounter this compatibility issue with Gutenberg.
Thanks for reporting it!

Hi @danielbowen,
Thank you for reaching out and sharing your concerns. We completely understand if the permission requests look excessive at first glance—privacy and security are top priorities for us as well.
Why those permissions are requested: The “Manage your business” and business_management permissions are, unfortunately, a technical requirement recently mandated by Meta (Facebook/Instagram) for their Graph API.
Here is exactly what we access and why:
- business_management: Required by Meta to retrieve the list of Pages and Instagram accounts in your Business Portfolio. We only use this to identify which account you want to display.
- instagram_basic: Allows the plugin to read your Instagram profile info (username, profile picture) and media (photos/videos) to build the slider.
- pages_show_list & pages_read_engagement: Used to identify the Facebook Page connected to your Instagram account and to read basic engagement stats.
- pages_read_user_content: A standard permission that allows the plugin to load the actual media content and captions from your Page’s feed.
Specifically:
- API Requirements: To simply see a list of Facebook Pages and their connected Instagram accounts via the /me/accounts endpoint, Meta now requires this higher-level permission. Without it, the plugin often cannot “see” your accounts at all.
- Read-Only Use: While the permission technically allows for “management,” our plugin only uses it to read your public post data to display the slider. We do not—and will never—modify your business settings, delete content, or grant third-party access.
Regarding recent reviews and performance: You mentioned seeing reports that the plugin may not be working properly for some users. We want to make sure your experience is seamless. Are you currently encountering any specific errors, such as images not loading or connection timeouts?
We recently released new versions which include enhanced security and improved compatibility with the latest WordPress and Meta API changes. If you are having any trouble, please let us know the details, and we’ll be happy to investigate and help you get it resolved immediately.
Hi @scribelle,
Thank you for reporting this issue with all the details. We were able to replicate it and prioritized it on our end so you should expect a release with a fix soon.

Hi @mywebe1,
The vulnerability already appears as patched in the Patchstack system as well.
Thank you for your patience and have a nice day.

Forum: Plugins
In reply to: [Disable Admin Notices - Hide Dashboard Notifications] Security Issue
Hi @vegancake @darrenmcentee @iconet @macwillard,
The vulnerability was already patched with the latest release, we also informed the security channels to verify it so it should soon disappear from warnings like those you see from Wordfence.
Thank you for your patience.

Hi @mtg169,
Today we made a release where this issue is addressed. Thanks again for reporting it.

Hi @mtg169,
Thank you for reporting this issue and apologies for the inconvenience.
We added a fix and it will be released soon with the next release of the plugin this week.

Hi @rsb1234,
We’ve confirmed that the fix was incorrectly flagged as still vulnerable and this issue was fully resolved in version 8.2.6 as mentioned before. The vulnerability is patched, and you’re safe if you’re running the latest versions of the plugin.
For reference, here’s the updated report confirming the patch:
https://patchstack.com/database/wordpress/plugin/wp-full-stripe-free/vulnerability/wordpress-wp-full-stripe-free-plugin-8-3-0-sql-injection-vulnerability
Wordfence’s listing should also be updated shortly once they refresh their data.
Thanks again for bringing this to our attention once again.
Hi @rsb1234,
Thank you for sharing this with us. This vulnerability was patched in version 8.2.6 (released in July), so if you’re running one of the latest versions, you’re protected.
We’ve already reached out to the Wordfence team and the original reporter to clarify why their listing hasn’t been updated to reflect this patch.
Thanks again for bringing it to our attention!
Hi @irawibowo,
The issue is fixed with the latest version of the plugin. Thank you for reporting it!

Hi @xopox,
The issue is fixed with the latest version of the plugin. Thank you for reporting it!

Hi @irongenetics96,
Thank you once again for reporting the issues.
Today we made a patched release of the plugin where mentioned issues were addressed.

Hi @irawibowo,
Thank you for reporting the issue, we are working on a fix and it should be available today.