[CRITICAL] 3 Major Bugs Report

Resolved theorist1
(@theorist1)

1 month ago
I am reporting three critical issues found in LoginPress Free (6.1.0) and LoginPress Pro (6.0.0) running on WordPress 6.9 (PHP 8.1).

Below are the details and the fixes I had to apply manually to make the plugin work.BUG #1: PHP 8.x Fatal Error (Limit Login Attempts Add-on)

Severity: Critical (Site Crash)
Error: PHP Fatal error: Uncaught TypeError: Unsupported operand types: string * int in class-attempts.php:692

Root Cause:
1. Missing Table: The table wp_loginpress_limit_login_details is not created upon activation.
2. Type Error: Without the table, the code retrieves empty strings and attempts arithmetic operations on them, violating PHP 8 strict typing.
The Fix:
Ensure the table is created on activation. Here is the missing SQL schema:codeSQL
```
CREATE TABLE IF NOT EXISTS wp_loginpress_limit_login_details (
    id int(11) NOT NULL AUTO_INCREMENT,
    ip varchar(255) NOT NULL,
    username varchar(255) NOT NULL,
    datentime varchar(255) NOT NULL,
    gateway varchar(255) NOT NULL,
    whitelist int(11) NOT NULL,
    blacklist int(11) NOT NULL,
    login_status varchar(255) NOT NULL,
    UNIQUE KEY id (id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
```
Also, please update class-attempts.php to check for table existence before querying.BUG #2: JS ReferenceError “sprintf is not defined”

File: loginpress-pro/build/index.js
Error: ReferenceError: sprintf is not defined

Root Cause:
In the compiled React JS, sprintf() is called directly without the wp.i18n namespace.

The Fix:
Replace standalone sprintf( calls with (0, wp.i18n.sprintf)( in your build process.BUG #3: Missing REST Endpoint (404 Error)

Error: GET /wp-json/loginpress/v1/captcha-tab-visibility 404 (Not Found)

Root Cause:
The React frontend calls this endpoint, but it is never registered in the PHP backend.

The Fix:
Add this to loginpress/classes/traits/loginpress-rest-trait.php:codePHP
```
register_rest_route(
    LOGINPRESS_REST_NAMESPACE,
    '/captcha-tab-visibility',
    array(
        'methods'             => 'GET',
        'callback'            => array( $this, 'loginpress_get_captcha_tab_visibility' ),
        'permission_callback' => array( $this, 'loginpress_rest_can_manage_options' ),
    )
);

// Callback:
public function loginpress_get_captcha_tab_visibility() {
    $visible = false;
    // ... logic to check if captcha addon is active ...
    return array( 'visible' => $visible );
}
```
Environment:
- WP: 6.9
- PHP: 8.1
- LoginPress Free: 6.1.0 / Pro: 6.0.0

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Support Team
(@teamsupportbrigade)

1 month ago

Hi @theorist1!

Thank you for reaching out to us. The reported errors have already been fixed in the latest LoginPress Pro (v6.1). Please update to the latest version of the Pro plugin and let us know how it goes.

Please let us know if you need anymore help!
Thread Starter theorist1
(@theorist1)

1 month ago
I updated to LoginPress Free 6.1.0 and LoginPress Pro 6.1.0 and tested all three bugs from my previous report. Here’s the
current status:

⚠️ BUG #1 (PHP Fatal Error in Limit Login Attempts): INCOMPLETE FIX

What you fixed:
- ✅ Added intval() on line 668
- ✅ Table creation with CREATE TABLE IF NOT EXISTS What’s still broken:
  Your fix will still crash on PHP 8.0+ in edge cases because you’re using empty string defaults instead of integers. File: addons/limit-login-attempts/classes/class-attempts.php Lines 666-668:
  $attempts_allowed = isset(…) ? … : ”; // ← empty string!
  $lockout_increase = isset(…) ? … : ”; // ← empty string!
  $minutes_lockout = isset(…) ? intval(…) : ”; // ← empty string! Line 675 crashes:
  $lockout_time = $current_time – ( $minutes_lockout * 60 );
  // If $minutes_lockout is ” → TypeError: int – (” * 60) The proper fix:
  $attempts_allowed = isset(…) ? intval(…) : 4; // ← integer default
  $lockout_increase = isset(…) ? intval(…) : 0; // ← integer default
  $minutes_lockout = isset(…) ? intval(…) : 20; // ← integer default What’s missing:
1. check_table_exists() method to verify table before queries
2. maybe_create_table() fallback if activation hook fails on fresh installs
3. All default values should be integers, not empty strings Result: Fresh installations or missing settings will still crash with TypeError.
✅ BUG #2 (sprintf is not defined): FULLY FIXED

All 26 sprintf calls now use correct (0,r.sprintf)( syntax. Thank you!

❌ BUG #3 (captcha-tab-visibility REST endpoint): NOT FIXED

Error:
GET /wp-json/loginpress/v1/captcha-tab-visibility 404 (Not Found)

Issue:
JavaScript in loginpress/build/index.js calls /captcha-tab-visibility endpoint, but this REST route is not registered in
loginpress/classes/traits/loginpress-rest-trait.php.

Fix needed:
Add the missing REST endpoint as described in my original report (see original message for code).

Environment:
- LoginPress Free: 6.1.0
- LoginPress Pro: 6.1.0
- PHP: 8.0+
- WordPress: 6.9
- Date: 2025-12-18 Please replace empty string defaults with integer defaults in BUG #1 and add the missing REST endpoint for BUG #3. Regards.
- This reply was modified 1 month ago by theorist1.
Plugin Support Support Team
(@teamsupportbrigade)

1 month ago

Hi, @theorist1!

Thank you for sharing all the details. We’re pleased to inform you that the issue has been resolved and the fix will be included in the upcoming plugin release. If you would like to access the beta version of this fix, please reach out to us through our Support Forum and we’ll be happy to assist you further.

Looking Forward!

Plugin Support Support Team
(@teamsupportbrigade)

1 week, 6 days ago

Hi @theorist1

Just a quick update that the above reported issue has been successfully resolved in the latest LoginPress update.

We’ve just released this fix, and we recommend updating LoginPress to the latest version at your earliest convenience. Once updated, the issue should be fully resolved.

If you have any questions, please don’t hesitate to reach out we’ll be happy to assist further.

Thank you for your patience and for using LoginPress, Happy Customizing!

Viewing 4 replies - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.