Hi,

When checking your plugin for PHP 8.2 compatibility, these warnings and errors are found. Can you please update your plugin to be fully compatible with 8.2 and preferably 8.3 as well?

FILE: public/app/plugins/patchstack/includes/2fa/polyfill/lib/byte_safe_strings.php
------------------------------------------------------------------------------------------------------------------------
FOUND 2 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
------------------------------------------------------------------------------------------------------------------------
 33 | WARNING | INI directive 'mbstring.func_overload' is deprecated since PHP 7.2 and removed since PHP 8.0
    |         | (PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecatedRemoved)
 33 | ERROR   | The constant "MB_OVERLOAD_STRING" is removed since PHP 8.0
    |         | (PHPCompatibility.Constants.RemovedConstants.mb_overload_stringRemoved)
 87 | WARNING | INI directive 'mbstring.func_overload' is deprecated since PHP 7.2 and removed since PHP 8.0
    |         | (PHPCompatibility.IniDirectives.RemovedIniDirectives.mbstring_func_overloadDeprecatedRemoved)
 87 | ERROR   | The constant "MB_OVERLOAD_STRING" is removed since PHP 8.0
    |         | (PHPCompatibility.Constants.RemovedConstants.mb_overload_stringRemoved)
------------------------------------------------------------------------------------------------------------------------


FILE: public/app/plugins/patchstack/includes/2fa/polyfill/lib/random_bytes_mcrypt.php
------------------------------------------------------------------------------------------------------------------------
FOUND 3 ERRORS AFFECTING 1 LINE
------------------------------------------------------------------------------------------------------------------------
 60 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or
    |       | OpenSSL instead (PHPCompatibility.FunctionUse.RemovedFunctions.mcrypt_create_ivDeprecatedRemoved)
 60 | ERROR | Extension 'mcrypt' is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or
    |       | pecl/mcrypt once available instead
    |       | (PHPCompatibility.Extensions.RemovedExtensions.mcryptDeprecatedRemoved)
 60 | ERROR | The constant "MCRYPT_DEV_URANDOM" is deprecated since PHP 7.1 and removed since PHP 7.2
    |       | (PHPCompatibility.Constants.RemovedConstants.mcrypt_dev_urandomDeprecatedRemoved)
------------------------------------------------------------------------------------------------------------------------

When I log into my WHM Cpanel, I see a banner written about WP Guardian as a cPanel Addon doing virtual patching from Patchstack. Wuu! I saved the setting and entered into my WHM account, however, it seems like a purchased product from cPanel. So I want to learn more.

Fast forward, I also see a Patchstack downloadable WP and plugins security in add plugin section of my wordpress menu, and now I’m confused :(.

Are these the same product? If I’m using Wordfence, do I need also need this solution?

Ron

Hello,

Lately I have been getting many notifications telling me that “Patchstack plugin desynchronised!” They are up top date, and I keep reactivating, but why might this be happening suddenly after so long?
Thank you.

Hi, is Patchstack meant to be an additional security plugin or meant to replace other security plugins like Wordfence?

I ask as I am a bit confused on what Patchstack actually does compared to the other plugins. The reason is because I saw on SolidWP (formerly known as Ithemes) website that Patchstack is included in their paid versions. That tells me Patchstack is an add-on to harden already existing secutity features provided by SolidWP.

Now, SolidWP is a Wordfence competitor, can I then assume to also use Wordfence and Patchstack together? Or is Patchstack working with SolidWP exclusively because they “fulfil” each other better? (maybe because the latter 2 come from same company/developer?)

Thanks ??

Hi There,
I want to know how to locate the vulnerability found by your researchers in this particular plugin. Just marking a plugin vulnerable without providing evidence is not enough. Please provide step by step guide about the vulnerabilities found in this plugin so it can be fixed by the plugin author.

Thanks
Farhan.

Woocommerce is building a beta cart/checkout blocks using REST API. Unfortunetely, the REST API is restricted for visitors that are not logged in.

To reproduce this issue, add a product to the woocommerce cart. Then, try to change the quantity. The quantity won’t change, because REST API is restricted for visitors.

I think need some update on this.

store some information such as the software installed on your site.

That is incredible vague.. if not clear I’m not using it..

• This topic was modified 1 year, 9 months ago by snippet24.

So my question is whether is compatible or not with Sucuri