A. Jones
Forum Replies Created
-
Forum: Plugins
In reply to: [Featured Image Thumbnail Grid] Version 7.10 – fatal errorThank you for reporting this issue. I need some additional information from you as I can not duplicate this. It’s possible that you have a conflict.
please install (but do not activate) the plugin.
Follow the instructions in the above link to test on your staging site or to enable troubleshooting mode. Do not do this on your live site.
In either case, while on your staging site or in troubleshooting mode, deactivate all of the plugins and activate this plugin. If it activates, try activating the other plugins one by one to identify the conflict.
If you still have an error when you activate the plugin, please let me know if it provides any information.
- This reply was modified 8 months ago by A. Jones.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] Name field unicode supportGreat! Thank you so much for bringing this to my attention.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] 4.36 is vulnerable to Cross Site Scripting (XSS)This should be resolved.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityThis should be resolved.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] Name field unicode supportShould be resolved in 4..41
Forum: Plugins
In reply to: [(Simply) Guest Author Name] Name field unicode supportThat’s not good! It looks like the security fix that I put in caused a new issue.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] 4.36 is vulnerable to Cross Site Scripting (XSS)Hello, I was able to reach patchstack and see the very obscure security issue which … I have not been able to duplicate. I will attempt to patch it ASAP.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityHello, I was able to reach patchstack and see the very obscure security issue which … I have not been able to duplicate. I will attempt to patch it ASAP.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityUpdate: I was able to reach out to patchstack. They say that they have attempted to reach. me via slack and via our contact page (which was broken). There is no message in slack. I have reached out to them again, fixed the contact page and will keep looking for an update in slack @nomadcoder
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityThis seems like an excellent plan. I have tried to exploit almost every possible input field and have not been able to cause any cross scripting errors so whatever this is, it’s pretty obscure. I am going to try to reach out to patch stack today to see if I can find out what the issue is before I send out an update.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityThank you. I am still waiting for the expected email from patchstack telling me how to duplicate the issue. I will keep testing and I can guess as to the cause and perhaps fix something but it may not be the something that I need to fix. I hope that makes sense. Wordfence has this listed as medium security and patchstack has it listed as low severity. Either way, there is no risk to you from your users and this will be resolved as soon as possible.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] 4.36 is vulnerable to Cross Site Scripting (XSS)Just to follow up, my testing has not shown what the issue is. WPScan does not reflect the issue and I do not have the ability to test it without specifics. Again, this is a low risk issue and will be fixed as soon as I get the report.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityJust to follow up, my testing has not shown what the issue is. WPScan does not reflect the issue and I do not have the ability to test it. Again, this is a low risk issue and will be fixed as soon as I get the report.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] (Simply) Guest Author Name VulnerabilityHello,
Thank you for pointing this out. I checked the database and I do see that there was an issue reported. The issue has not propagated yet and I have not yet received the email from them that would allow me to duplicate the issue and report to them that it has been fixed. (Therefore, I know that there is an issue but do not know what the issue is ).
I am investigating and believe that all of my output properly escaped. I have not been able to determine what the issue is and am waiting for a report. If you have details beyond “cross script”, please let me know. The issue would almost 100% be on the admin side and is reported to be “low risk”.
You indicated that there is more than one issue. I only see one issue reported. If you have details that would enable me to duplicate them, I would appreciate it.
Forum: Plugins
In reply to: [(Simply) Guest Author Name] 4.36 is vulnerable to Cross Site Scripting (XSS)Patchstack hasn’t posted any details yet. Did they give you any details? It doesn’t look like a high priority issue and as far as I know, everything is escaped properly. I will probably have to wait for their email unless they gave you specific details.