prwackymonarch's Replies

Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)

Forum: Plugins
In reply to: [Customer Reviews for WooCommerce] Version 5.107.0 cr_upload_media endpoint

prwackymonarch
(@prwackymonarch)

3 weeks, 1 day ago

Hi,

This is NOT RESOLVED. We observed the same issue on our WooCommerce site with Customer Reviews for WooCommerce 5.108.0.

An unauthenticated request to the plugin upload flow created a media attachment in WordPress. The attachment had post_author = 0 and the cr-upload-temp-key meta, which points to the plugin’s upload handling.

After disabling the plugin, the same upload endpoint tests return HTTP 400 / 0 and no media is created.

Leaving an unauthenticated public upload endpoint open is not acceptable for a production WooCommerce site, even if file extensions are filtered. It allows bots or third parties to create media entries and store arbitrary files in the WordPress uploads directory.

Please provide a security fix or a clear way to fully disable these public uploads. The 5.108.0 changelog does not mention any fix for this, and the hole is still present in the codebase.

Thanks.

Forum: Themes and Templates
In reply to: [Astra] Fix suggestion: Compatibility with “Product Bundles for WooCommerce” plugin
Thread Starter prwackymonarch
(@prwackymonarch)

4 months, 2 weeks ago
Hi @bsfaradhy,

Sorry for the delay. Sorry I can’t give you this but if you give me a sandbox env I will replicate easily.

Regards,

Pr
- This reply was modified 4 months, 2 weeks ago by prwackymonarch.
Forum: Plugins
In reply to: [CDI - Collect and Deliver Interface for Woocommerce] Mode de livraison CDI non disponible

prwackymonarch
(@prwackymonarch)

10 months, 2 weeks ago

Je confirme que le plugin n’est pas compatible avec WooCommerce 10.x. Nous avons dû revenir en v9.x pour retrouver un système fonctionnel.

Forum: Plugins
In reply to: [Custom API for WP] permission callback

Thread Starter prwackymonarch
(@prwackymonarch)

5 years, 3 months ago

Hi,

I just sent you an email from the contact form in the plugin. And we are using Apache.

Regards,

Pr

Forum: Plugins
In reply to: [Colissimo Delivery Integration] HT et TTC : option disparue ?

Thread Starter prwackymonarch
(@prwackymonarch)

7 years, 10 months ago

UP

Forum: Plugins
In reply to: [Colissimo Delivery Integration] HT et TTC : option disparue ?

Thread Starter prwackymonarch
(@prwackymonarch)

7 years, 10 months ago

Bonsoir,

Merci pour votre réponse. Dans le post en question il est indiqué “En revanche, les sites déjà stabilisés en exploitation, développés avec ces fonctions, auront un fonctionnement opérationnel inchangé tant pour les exploitants des sites que pour leurs clients internautes.”

Je fais partie de cette population mais l’option a clairement sauté !! Que faire ??

Merci.

Forum: Plugins
In reply to: [WooCommerce] Add text to email notification in WooCommerce when Local Pickup

prwackymonarch
(@prwackymonarch)

8 years, 11 months ago

Hi there,
Same thing on WC 3, nothing shows up in the email body.

I’m currently looking for a way to add this text *before* the table (see screenshot ), maybe you’ll know how @icaleb ?

Thanks !

Dr

Viewing 7 replies - 1 through 7 (of 7 total)