wwwXpert

There’s a security advisory for this plug-in: https://nvd.nist.gov/vuln/detail/CVE-2023-0362

If your wordpress instance encountered a critical error, FTP or SSH to the server and delete the folder /wp-content/plugins/themify-portfolio-post.

This should bring your site back online. If you choose to reinstall the plug-in, deactivate it until themify releases a patched update.

Error Details
=============
An error of type E_ERROR was caused in line 54 of the file /wp-content/plugins/themify-portfolio-post/themify-portfolio-post.php.
Error message: Uncaught Error: Class ‘Themify_Portfolio_Post’ not found in /wp-content/plugins/themify-portfolio-post/themify-portfolio-post.php:54

I’ve deactivated this plugin due to critical latency issues with wordpress versions 5.8.1 and 5.8.2.

It renders the wordpress CMS unsusable.

The work-around I used is below:

Deactivate w3-total-cache plugin (DO NOT Enable CloudFront CDN in w3-total-cache when starting).

Install, configure, test and deploy CloudFront using AWS For WordPress Plugin
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WordPressPlugIn.html

After successfully deploying AWS CloudFront, Deactivate AWS For WordPress Plugin.

Activate w3-total-cache using the CloudFront settings that were used for AWS For WordPress Plugin.

This is due to w3 total cache loading the Aws SDK without checking if it’s already loaded. I tested this with AWS Plugin for WordPress developed by Amazon. All the classes in Aws/functions.php are loaded again by w3 total cache instead of using include_once or require_once.

Restarted Setup
Certificate Creation and Validation – Completed
CloudFront Distribution Deployment – Error

Your SSL/TLS certificate has been successfully created and validated. CloudFront is now creating a distribution that is optimized for your WordPress website. For more information, see the CloudFront documentation. It can take several minutes for the distribution to deploy globally.

This page refreshes automatically while the deployment is in progress. Last updated at July 25, 2020, 15:32:49 UTC.

Error in Setup
There was an error retrieving the status of the CloudFront distribution. Try again.
The following response was returned:

Caught exception in method AmazonAI_Cloudformation::check_cf_creation in class AmazonAI_Cloudformation:
CloudFormation stack is in an unexpected state. CloudFront distribution state is and stack state is CREATE_FAILED

C:\>aws cloudformation list-stacks --stack-status-filter CREATE_FAILED
{
    "StackSummaries": []
}

• This reply was modified 4 years, 4 months ago by wwwXpert.

Running aws CLI to list stack status I get the following:

C:\>aws cloudformation list-stacks --stack-status-filter UPDATE_ROLLBACK_COMPLETE
{
    "StackSummaries": [
        {
            "StackId": "arn:aws:cloudformation:us-east-1:XXXXXXXXXXXX:stack/CFWPStackXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
            "StackName": "CFWPStackXXXXXXXXXXXXXXXXXXXXXXXX",
            "CreationTime": "2020-07-25T14:02:39.975000+00:00",
            "LastUpdatedTime": "2020-07-25T14:21:07.335000+00:00",
            "StackStatus": "UPDATE_ROLLBACK_COMPLETE",
            "DriftInformation": {
                "StackDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}

• This reply was modified 4 years, 4 months ago by wwwXpert.

I’m experiencing the same thing.

Caught exception in method AmazonAI_Cloudformation::check_cf_creation in class AmazonAI_Cloudformation:
CloudFormation stack is in an unexpected state. CloudFront distribution state is and stack state is UPDATE_ROLLBACK_COMPLETE

No Stacks listed in AWS Console CloudFormation in any state: Active, Complete, Failed, Deleted, In Progress

Replicated the issue on an another website.

Running previous version 2.1.1 that was still working.

Updated to 2.2.1 and authentication immediately broke (got the same error).

1. I took screen shots of the steps to get it working again.
   
2. Remove Connection
   
3. Allow Plugin to send emails using your Gmail Account
   
4. Grant permission to read, compose, send and delete all of your email from Gmail – Allow
   
5. Confirm your choices – Allow
   
6. You have successfully linked the current site with your Google API project.
   
7. Test HTML email was sent successfully!
   

• This reply was modified 4 years, 4 months ago by wwwXpert.

Upgraded again to 2.2.1 to reproduce the error.
Surprisingly it’s still working.

For anyone else experiencing this, I did the following:
Login to Google with the Google Account you used to create the Google API.

Go to the plugin settings and click “Remove Connection”
Reconnect and Approve.

If it still doesn’t work, rename the plugin folder to wp-mail-smtp-2.2.1, install the prev ver 2.1.1 and test.

If it works.

Upgrade again to the latest version 2.2.1.

Downgraded to 2.1.1 and it’s working again.

I just started getting this error too.

WP SMTP Mail has been running without issue since May 2019.

I’ve been consistently upgrading and applying all security patches.

I updated to Version: 2.2.1 which is when this problem arose.

No changes or additions to the existing API have occurred.

Same ID and Secret.

Authorized domains have not changed.

Quotas are way below the Limits.

Queries per minute
7 Day Peak Usage: 205
Limit: 1,200,000

Queries per day
7 Day Peak Usage: 2,963
Limit: 1,000,000,000

• This reply was modified 4 years, 4 months ago by wwwXpert.

If you want to bypass the domain validation, change the following line.

File: wp-content/plugins/contact-form-7/includes/config-validator.php
Change Line: 182

return ( substr( $email, - strlen( $site_domain ) ) == $site_domain );

to this

return TRUE;

I’ve modified the function test_email_in_site_domain to address the scenario I mentioned above.

public function test_email_in_site_domain( $content ) {
		if ( wpcf7_is_localhost() ) {
			return true;
		}

		$site_domain = strtolower( $_SERVER['SERVER_NAME'] );

		if ( substr( $site_domain, 0, 4 ) == 'www.' ) {
			$site_domain = substr( $site_domain, 4 );
		}

		$content = trim( $content );

		if ( preg_match( '/<(.+)>$/', $content, $matches ) ) {
			$email = strtolower( $matches[1] );
		} else {
			$email = strtolower( $content );
		}

		$email_arr = explode( '@', $email ); /* separate email parts */

		/* site domain must exist in email address AND string length of email must EQUAL string length of domain + left part of email + 1 (@) */
		return ( ( substr( $email, - strlen( $site_domain ) ) == $site_domain ) && ( strlen($email) == (strlen($email_arr[0])) + strlen($site_domain) + 1 ) );
	}

When using third level domains, e.g. thirdlevel.toplevel.com, the domain validation does not work properly.

The email domain validation logic only checks for a match within a string so when a substring returns a positive match, the validation passes when it should not.

Test Case Scenario:
Wordpress Domain: blog.mywebsite.com
Email: anything@adskfjhqdsjkfhakdsfhblog.mywebsite.comwill pass domain validation which it shouldn’t.

File: wp-content/plugins/contact-form-7/includes/config-validator.php
Lines: 152 – 184

public function test_email_in_site_domain( $content ) {
		if ( wpcf7_is_localhost() ) {
			return true;
		}

		$site_domain = strtolower( $_SERVER['SERVER_NAME'] );

		if ( substr( $site_domain, 0, 4 ) == 'www.' ) {
			$site_domain = substr( $site_domain, 4 );
		}

		$content = trim( $content );

		if ( preg_match( '/<(.+)>$/', $content, $matches ) ) {
			$email = strtolower( $matches[1] );
		} else {
			$email = strtolower( $content );
		}

		return ( substr( $email, - strlen( $site_domain ) ) == $site_domain );
	}

Pro Licensed Version 1.7.
I just updated the Free plugin and now I get this error:

Plugin could not be activated because it triggered a fatal error.

Fatal error: Cannot redeclare wsh_extract_exclusions() (previously declared in \htdocs\wp-content\plugins\raw-html-pro\include\tag-handler.php:19) in \htdocs\wp-content\plugins\raw-html\include\tag-handler.php on line 66

Nevermind… I had to deactivate the Pro version and then re-activate only the Pro version.