Nextendweb
Forum Replies Created
Found two more:
PHP Warning: Undefined array key "file_upload" in /var/www/wp-content/plugins/ninja-forms/includes/AJAX/Controllers/Submission.php on line 551;
PHP Warning: Undefined array key "unchecked_calc_value" in /var/www/wp-content/plugins/ninja-forms/includes/Fields/Checkbox.php on line 157
Forum: Plugins
In reply to: [Smart Slider 3] Smart Slider 3 Pro update
@brentcredle, I analyzed the infection and at stage one it infected files at the first stage and notified a remote site about it. Nothing happened with my test site since then, so I think we caught it early on.
We don’t rule it out even if the chance is small that they could access anything like passwords. We are just precautious.
Forum: Plugins
In reply to: [Smart Slider 3] Smart Slider 3 Pro update
@brentcredle, Manual cleanup is not required when you use the provided cleanup plugin.
Forum: Plugins
In reply to: [Smart Slider 3] Smart Slider 3 Pro update
Security Advisory – Smart Slider 3 Pro
We have identified a security incident affecting Smart Slider 3 Pro.
An unauthorized party gained access to our update system and made a malicious plugin version (3.5.1.35 Pro) available for a limited period of time. This version is not an official release from Nextend.
The malicious version was accessible through our update server for approximately 6 hours before we detected and contained the issue.
Important:
- The free version of Smart Slider 3 on ww.wp.xz.cn is NOT affected
- Only users who updated Smart Slider 3 Pro during this time window may be impacted
The malicious version may create unauthorized administrator accounts.
Actions we have taken:
- Immediately shut down our update servers
- Removed the malicious version
- Secured and are auditing our systems
- Began a full investigation into the incident
Immediate actions we strongly recommend:
- Check your WordPress admin users and remove any unknown accounts
- Remove Smart Slider 3 Pro version 3.5.1.35 if installed
- Reinstall the plugin from a trusted, clean source
- Reset all administrator passwords
- Review your site for any suspicious activity
We deeply regret this incident and are taking all necessary steps to strengthen our security and prevent this from happening again.
We will provide further updates as our investigation progresses.
If you believe your site is affected, please contact us at [email protected] and we will send you the latest clean installer.
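The first two recommended checks above (unknown administrator accounts, version 3.5.1.35 installed) can be scripted. This is an added example, not code from Nextend or its cleanup plugin. It assumes input in the JSON shape printed by `wp plugin list --format=json` and `wp user list --role=administrator --format=json`; the sample records, the plugin name `example-slider-pro`, the `name_hint` parameter and the known-admin list are constructed placeholders.

```python
import json

FLAGGED_VERSION = "3.5.1.35"  # malicious Pro build named in the advisory

# Constructed sample data (not taken from any real site).
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-slider-pro", "status": "active", "version": "3.5.1.35"},
    {"name": "akismet", "status": "inactive", "version": "5.3"},
])
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2021-03-02 10:00:00"},
    {"ID": 7, "user_login": "unknown_user_1", "user_email": "x1@example.net",
     "user_registered": "2025-01-10 04:12:45"},
    {"ID": 8, "user_login": "unknown_user_2", "user_email": "x2@example.net",
     "user_registered": "2025-01-10 04:13:02"},
])

def find_flagged_plugins(plugins_json, name_hint="slider", version=FLAGGED_VERSION):
    """Names of installed plugins matching the hint and the flagged version."""
    return [p["name"] for p in json.loads(plugins_json)
            if name_hint in p.get("name", "").lower()
            and p.get("version") == version]

def find_unknown_admins(admins_json, known_logins):
    """Administrator accounts not on the known-good list, newest first."""
    known = {login.lower() for login in known_logins}
    unknown = [(u["user_login"], u["user_email"], u["user_registered"])
               for u in json.loads(admins_json)
               if u["user_login"].lower() not in known]
    # WordPress stores user_registered as 'YYYY-MM-DD HH:MM:SS', so a plain
    # string sort is also a chronological sort.
    return sorted(unknown, key=lambda row: row[2], reverse=True)

def triage(plugins_json, admins_json, known_logins):
    """Combine both checks into one report for the site owner."""
    flagged = find_flagged_plugins(plugins_json)
    unknown = find_unknown_admins(admins_json, known_logins)
    return {"flagged_plugins": flagged,
            "unknown_admins": unknown,
            "needs_cleanup": bool(flagged or unknown)}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_PLUGINS, SAMPLE_ADMINS, ["siteowner"]), indent=2))
```

An empty result does not prove a site is clean; the advisory's remaining steps (reinstall from a clean source, reset administrator passwords, review for suspicious activity) still apply.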
Forum: Plugins
In reply to: [Smart Slider 3] Memory leak with php 8.1
Hi @aszele,
The applications written in PHP should not cause memory leaks, as the PHP server should free up all the memory on every page load. Memory leaks are caused by the PHP core, which is really hard to fix at the application level. If you check the changelog of PHP 8, you will see that there are a ton of fixes for different memory leak problems. This is why I think the best bet is to update the PHP runtime to the latest version.
Here is one which I think might be related: https://github.com/php/php-src/issues/8646 It’s a memory leak in PHP 8.1 FPM which was fixed in PHP 8.2.5.
Forum: Plugins
In reply to: [Advanced Custom Fields (ACF®)] Unable to filter stylesheet_directory
Thanks, I have just sent it to you!
Forum: Reviews
In reply to: [Smart Slider 3] Extremely poor support
Hi @willcycle,
I just checked the installer that my colleagues sent you in the first reply and compared its content with the one we released today. I can confirm that everything was in the right place in that installer and the fix was the right one. There is no change between the two installers which relates to this problem. We never told you that we missed any file from the installer; what my colleagues meant was that some files might not get overridden on your server by the installer. But it’s just one of the possible explanations for this situation.
I’m not sure what happened, but as a result some files got stuck in their old version on your website. As the install process is handled by WordPress and your server, we are unable to tell what exactly the cause was. When this happens, we always suggest trying FTP file upload as a workaround. It might happen that the old PHP files were stuck in the PHP OPcache. It’s very rare and very hard to tell…
Forum: Fixing WordPress
In reply to: WordPress v6.2.1 Breaks the Shortcode Block in Templates
@timbearcub,
Smart Slider 3 will be fixed soon. We will use the following filter without using shortcode in the future:

    /**
     * Filters the content of a single block.
     *
     * The dynamic portion of the hook name, `$name`, refers to
     * the block name, e.g. "core/paragraph".
     *
     * @since 5.7.0
     * @since 5.9.0 The `$instance` parameter was added.
     *
     * @param string   $block_content The block content.
     * @param array    $block         The full block, including name and attributes.
     * @param WP_Block $instance      The block instance.
     */
    $block_content = apply_filters( "render_block_{$this->name}", $block_content, $this->parsed_block, $this );

Hi @chris-yau,
We had an unexpected issue with one of our servers. We fixed the problem and now all of our services should work as expected. Thank you for reporting!
Forum: Plugins
In reply to: [Ecwid by Lightspeed Ecommerce Shopping Cart] Output buffer problem
Thank you @meteor1ecwid!
Forum: Reviews
In reply to: [Smart Slider 3] EDIT: Not all features still working
Hi @inthischest,
thank you for your feedback. This is the first time that we had to remove a “feature” from Smart Slider 3, but the intention of this feature removal is not to sell more pro packages. We had to make this change to comply with ww.wp.xz.cn repository rules, which do not allow including unfiltered HTML from user input. So we must filter every input field and we can only allow HTML codes which are meant to be allowed for the given context. As you probably used the Text layer in the past to include custom HTML in your sliders, your iframe gets filtered out with this update. The Text layer is a paragraph and it is meant to contain only text-specific HTML codes, like bold, italic and links.
The HTML layer has always been a pro feature and that layer would be perfect for your use case as it allows placing an iframe tag.
Forum: Plugins
In reply to: [Smart Slider 3] THIS PLUGIN AUTOMATIC SEND OUT SPAM EMAIL AFTER UPGRADE
Hi @imtester,
Smart Slider 3 itself does not send out any kind of emails. Also, we do not know of any kind of vulnerability which would make Smart Slider 3 send out spam emails.
I suggest you make a full security audit on your site. Check core WordPress files, plugins and themes source code for clues. It might happen that malware created new PHP files or infected existing files, which might give you the assumption that a specific plugin is the root of the spam emails.
Could you share with us the details of what you found?
Thank you @epsiloncool!
Forum: Plugins
In reply to: [Smart Slider 3] Disable Webfont Loader?
@daanvandenbergh, I tried it, but the free version of OMGF was not able to catch the Google font injected by Smart Slider.
As not every page/post contains sliders, we inject stylesheets and scripts with an output buffer as needed. Your free version only parses through the enqueued styles for Google fonts, so it is not able to catch ours.
If you give me a private pro access, I can give it a try to see if it works or not.
Also, I’m open to finding a solution to support your free version with a custom hook. Our limits are that we cannot wp enqueue the Google fonts and we can only tell the Google fonts URL after the wp_footer is done. Probably you use an output buffer in your pro version, but for this case you should use that in the free version too.
Forum: Plugins
In reply to: [Smart Slider 3] Disable Webfont Loader?
Hi @daanvandenbergh,
we are dropping that Google Font implementation in version 3.5. Probably it will be released next week.
I read through your plugin description and I think Smart Slider itself will be compatible only with the pro version of your plugin, as we do not simply enqueue the Google fonts. Does your plugin have a public API in the free version where we could hook the Google fonts for free users too?
Please contact me at [email protected] to discuss the details. Thank you!