• We discovered the sites we had updated to 4.0.1 were not loading the CSS, and we could not log into the back end. Turns out the new version sets a session cookie that then expires, which ModSecurity interprets as (here’s the irony) a cross-site scripting attack! We had to revert to the earlier version of the plugin with the actual cross-site scripting vulnerability to get the sites functional again. If you can stop the plugin from setting cookies or at least add an option to disable them, that should solve the issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Same here, breaks normal dashboard login. Only recovery mode possible. Used 4.0.0 version from Git link and it works for now. Blocked updates until fixed. I went with ftp, deleted old testimonials directory and manually uploaded the one from Git.

    Thread Starter michaelsandmichaels

    (@michaelsandmichaels)

    Thanks for the tip on the 4.0.0 version, daspi!

  • The topic ‘4.0.1 Still Breaks Sites’ is closed to new replies.