gmichaels
Forum Replies Created
Severity: High
Category: csrf
Summary: NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)
Description: Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.
Severity: High
Category: acl violation
Summary: NextGEN Gallery <= 3.37 - Authenticated (Administrator+) Arbitrary File Read and Deletion in gallery_edit
Description: The NextGEN Gallery plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in versions up to, and including, 3.37. This is due to insufficient input validation within the gallery_edit function. This makes it possible for authenticated attackers, with administrator-level privileges and above, to read and delete arbitrary files.
Severity: High
Category: lfi
Summary: NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
Description: The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks.
Severity: Critical
Category: other
Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization
Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Severity: High
Category: other
Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.
Forum: Plugins
In reply to: [Glossary] Editing archive page
Yes, I know this, you did not answer my question!
From your documentation pages –
This archive page is created automatically, and “glossary” is its default slug (e.g., “yoursite.com/glossary”).
What is the name of the page or post that the plugin creates for /glossary/?
When I search for the page or post glossary, nothing is returned!!! https://nimb.ws/k6svKU
Forum: Plugins
In reply to: [Theme My Login] Login is no longer working
You are not alone, the developer doesn’t respond very fast so sit back and read a novel, have a sandwich or get a few dozen cups of coffee, it’s going to be a while!
In the meantime try adding this code to the functions.php file at the very bottom of the page if you have FTP access to your site.
// Strip the data-ajax attribute from Theme My Login forms so they submit without AJAX.
function disable_tml_ajax( $form_name, $form ) {
    $form->remove_attribute( 'data-ajax' );
}
add_action( 'tml_registered_form', 'disable_tml_ajax', 10, 2 );
It is supposed to disable AJAX on the login form, it did not work for me. Hope you find a solution!!!
Forum: Plugins
In reply to: [Theme My Login] updating wordpress broke login
I have tried adding this to the functions.php file and it still doesn’t allow login:
// Strip the data-ajax attribute from Theme My Login forms so they submit without AJAX.
function disable_tml_ajax( $form_name, $form ) {
    $form->remove_attribute( 'data-ajax' );
}
add_action( 'tml_registered_form', 'disable_tml_ajax', 10, 2 );
Forum: Plugins
In reply to: [Theme My Login] updating wordpress broke login
I don’t have access to the TML settings in the admin, I cannot login.
Is there a way to disable these via the DB or code?
Forum: Plugins
In reply to: [Theme My Login] updating wordpress broke login
I set
define( 'WP_DEBUG', true );
and there are NO errors being output.
Forum: Plugins
In reply to: [Theme My Login] Log In Button Creates No Action
Is there a method to disable Dashboard > Theme My Login > General > Uncheck Enable AJAX requests if you cannot login to the admin? I get this error message on console load:
Uncaught TypeError: a.responseJSON is undefined
<anonymous> https://buffaloastronomy.com/wp-content/plugins/theme-my-login/assets/scripts/theme-my-login.min.js:1
jQuery 4
theme-my-login.min.js:1:615
Forum: Plugins
In reply to: [Volunteer Sign Up Sheets] Email Settings page – Confirmation Email template
OK, thanks!
I am using Post SMTP Mailer/Email Log Plugin but all other e-mails look fine in both Microsoft Outlook 2013 and Gmail.
I will use your suggestions for a resolution.
Thanks!