Forum Replies Created

Viewing 15 replies - 1 through 15 (of 3,581 total)
  • Plugin Author Marius L. J.

    (@clorith)

    Hi,

    Although we had not been informed of this disclosure ahead of it happening, there is no apparent immediate risk.

    Without giving too much information, as we are reviewing the report that was submitted to us at a later date; an administrator (which would in most cases be the site owner) would be able to view the content of files outside the WordPress directory, but only if the user also had access to your server and could write or modify very specific files on the server itself first.

    The security advisory agrees that these requirements are so specific that it has a low severity impact and is unlikely to be exploited, but we are still waiting for more information from the reporter to more accurately address the report before we make any changes, if needed.

    Moderator Marius L. J.

    (@clorith)

    @jessicawordprs We have archived your topic on ww.wp.xz.cn.

    Although using AI tools is becoming very popular, by using it to generate copy-paste topics you are not truly posting your own questions or interacting with the users on the forums.

    We understand the desire to seem professional in your interactions, but these are community forums, and there is no expectation of prior knowledge or expertise from those who wish to participate.

    We do welcome you to make a new topic on your own with us!

    Moderator Marius L. J.

    (@clorith)

    @ghughupakhi We have removed your review, as it is clearly AI generated, and you did not even remove the placeholder text from the review.

    You are welcome to use tools to help you with translations, but having them write reviews for you is not an appropriate use, as a review should reflect your own personal experiences.

    Moderator Marius L. J.

    (@clorith)

    We’ve approved the pending WP Engine accounts at this time, but we obviously can’t publicly disclose why they were kept in limbo.

    We strongly recommend checking in with your mail provider why their mail services may (or have been) blocked recently, to ensure you are able to reach out in the future if similar incidents should occur.

    Moderator Marius L. J.

    (@clorith)

    It does indeed sound like your company email server is being flagged, I’ll escalate it and see if we can find out the reason, as I’m not seeing an immediate cause for it (it may have been a temporary fluke that has since been resolved, as I unfortunately did not have a chance to follow up with you yesterday).

    Moderator Marius L. J.

    (@clorith)

    Hi there,

    I’m going to presume you are encountering issues sending emails, and not that you are receiving an automated rejection response from the email mentioned?

    If that is the case, please check your outbound spam filters first of all, as we rely on reliable email transactions to verify who individuals are (if we can’t email back and forth, then we don’t know who you are after all).

    If it’s an outbound spam filter, we would love to hear more about it of course, you may also reach out on Slack if there is information in the filter that cannot be posted publicly.

    Moderator Marius L. J.

    (@clorith)

    Hiya,

    Just chiming in to let y’all know that it’s known that the new CSS selectors (which, as you’ve discovered, are intentionally meant to be quite weak, to make them easier to customize), may have unexpected consequences in some scenarios.

    You can read more about the change at https://make.ww.wp.xz.cn/core/2024/06/21/wordpress-6-6-css-specificity/, and the discussion about the fix for this can also be followed at https://core.trac.ww.wp.xz.cn/ticket/61660

    Moderator Marius L. J.

    (@clorith)

    This is partially expected behavior, as WordPress 6.4 changes how templates outside the post content are loaded.

    While the fact that it returns true when you call the function again is a bit unexpected, a plugin would also not call have_posts() multiple times in a row like that, so for now this seems like an unhandled edge case.

    A developers note is being published to ensure this change is communicated, once it has been published, I’ll make sure to add a link to it here as well, and if there are any unexpected interactions that users encounter due to this change, we would love to hear about them as well.

    Moderator Marius L. J.

    (@clorith)

    I will correct myself, as WordPress does not add both of these attributes any more (and has not since version 5.6), but the Gutenberg plugin may still be doing so it seems.

    There are many examples of plugins or code to filter the attributes though, and if one does not work in your specific example, I would urge you to try one of the other solutions available. One such example is https://github.com/WordPress/gutenberg/issues/26914, linked to from the topic above.

    Moderator Marius L. J.

    (@clorith)

    Hiya @vvt10551

    Just letting you know, I archived your last reply, there is an apparent language barrier here, and your words were not well chosen, but we also all make mistakes so I’ve cleared that one up for you 🙂

    As to your issue at hand, the noreferrer and noopener attributes automatically added to links are there to tell browsers to remove tracking information when you click links, they do not have any relation to a link’s ability to be opened in a new tab or window.
    In fact, you can choose this when adding a link in WordPress as well (when adding a link, under the “Advanced” dropdown there is an option to open links in a new window).

    If you wish to remove this feature from your WordPress installation, you will need to use a plugin, or some custom code. There are many examples of how to do this online, but a reference from the ww.wp.xz.cn forums can be seen at https://ww.wp.xz.cn/support/topic/how-to-stop-gutenberg-from-adding-rel-noreferrer-to-new-links/ for example.

    Moderator Marius L. J.

    (@clorith)

    The error message indicated that a function that comes bundled with WordPress was missing, and being familiar with the tests WordPress performs, this is not the kind of file that would be missed during testing.

    Moderator Marius L. J.

    (@clorith)

    Are any of you using any security plugins or plugins that change the wp-admin directory in any way?

    Moderator Marius L. J.

    (@clorith)

    Hiya,

    Most likely, there is one or more files in your wp-content/mu-plugins directory that are added by your previous host, that you would want to remove.

    If I was a betting man, I would also suspect that you have some caching files (so called drop-ins) directly under your wp-content directory as well that you may wish to remove, as well as some configuration options in the wp-config.php file that are host specific.

    What all of these are, is hard for me to say, as I do not use Bluehost for my own hosting, so I don’t know which features they have or offer at this time.
