• Resolved midwestbroadcasting

    (@midwestbroadcasting)


    Got this warning today…

    The scheduled site scan found 2 issues

    Known issues in Radio Station v2.4.0.5
    Vulnerabilities

    Unauthorised AJAX Calls via Freemius


Viewing 8 replies - 16 through 23 (of 23 total)
  • Thread Starter midwestbroadcasting

    (@midwestbroadcasting)

    Sounds good… look forward to hearing back from you.

    I was testing to see if there were any conflicts with any other plugins by deactivating them and the issues still persisted with the social wall plugin created by https://smashballoon.com/ and also the other interface issues.

    As soon as I deactivated the latest release, the issues cleared up.

    I also noticed issues within some admin interfaces. Here is one of them…

    While the new updated plugin is active:
    https://wordpress-588111-2482688.cloudwaysapps.com/wp-content/uploads/2022/03/image-essential-grid1.png

    Plugin deactivated:
    https://wordpress-588111-2482688.cloudwaysapps.com/wp-content/uploads/2022/03/image-essential-grid2.png

    Thanks again…

    Just chiming in to say that since updating to latest version v2.4.0.6 it has caused major issues for my sites as well — media library grid view not working, Elementor not loading, other plugins having issues too — constant errors in the logs including
    — PHP Warning: preg_match(): Compilation failed: quantifier does not follow a repeatable item at offset 1
    — PHP Warning: Undefined array key
    — Updating failed. The response is not a valid JSON response

    And others

    Thread Starter midwestbroadcasting

    (@midwestbroadcasting)

    Hey Tony,

    The further I investigate, the more admin interface issues I’m also noticing. I am also noticing on the other support related posts that the issues are happening to other users.

    Hope to see an update soon to resolve.

    Can I suggest just fixing the Freemius security issues and leaving the rest of the updates for a later release until the issues have been resolved?

    Thanks!

    Thread Starter midwestbroadcasting

    (@midwestbroadcasting)

    Tony,

    Thanks for the update! All issues cleared up!

    Thanks!

    Plugin Contributor Tony Hayes

    (@majick)

    The bug with the update has now been resolved and 2.4.0.7 release is available on GitHub, and will be available shortly via the WordPress repository.

    The issue was due to some debug information being output unconditionally. This was mangling JSON data endpoints (prepending to data making them unreadable) and preventing redirections from working (headers already sent error). Here is the issue on GitHub:
    https://github.com/netmix/radio-station/issues/413

    Since the Freemius SDK is indeed updated to 2.3.2 in Radio Station 2.4.0.6, we believe the “unauthorised AJAX calls” that scanners still are reporting cannot be correct. The scan should pick up the new version with the security patch by Freemius in that version specifically to fix this. We will monitor this and make contact if it doesn’t change.

    @jaxrachel If you can let me know any of the line numbers for those errors/warnings if you are still getting any after updating to 2.4.0.7, I can check those out too. I’d expect most/all of them would go away with this bug fixed.
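
Added example, not part of the thread or the plugin's code: a check for the failure described in the reply above, where output emitted before a JSON endpoint's payload makes the response unparseable. The sample bodies and function names are constructed for illustration.

```python
import json

# Constructed sample response bodies (not captured from any real site).
CLEAN = '{"success":true,"data":{"id":7}}'
MANGLED = '<pre>debug: schedule loaded</pre>\n{"success":true,"data":{"id":7}}'
BRACKETED = '[debug] cache miss\n{"success":true}'
NOT_JSON = '<html><body>Fatal error</body></html>'


def split_stray_prefix(body):
    """Split a response body into (prefix, payload).

    payload is the JSON value that runs to the end of the body and prefix is
    whatever was emitted before it. Returns (body, None) when no JSON value
    ending at the end of the body can be found.
    """
    decoder = json.JSONDecoder()
    text = body.rstrip()
    for i, ch in enumerate(text):
        if ch not in "{[":
            continue  # only objects/arrays are considered as payload starts
        try:
            value, end = decoder.raw_decode(text, i)
        except json.JSONDecodeError:
            continue  # e.g. "[debug]" looks like an array but is not JSON
        if end == len(text):
            return text[:i], value
    return body, None


def diagnose(body):
    """Classify a body as 'clean', 'prefixed' (stray output before the
    JSON payload) or 'not-json'."""
    prefix, payload = split_stray_prefix(body)
    if payload is None:
        return "not-json"
    return "clean" if prefix.strip() == "" else "prefixed"


if __name__ == "__main__":
    for name, body in [("clean", CLEAN), ("mangled", MANGLED),
                       ("bracketed", BRACKETED), ("not json", NOT_JSON)]:
        prefix, _ = split_stray_prefix(body)
        print(f"{name:10} -> {diagnose(body):9} stray={prefix[:40]!r}")
```

A "prefixed" result on an endpoint that should return pure JSON points at something writing to the output before the handler responds; the recovered prefix shows what was written.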

    Plugin Author Tony Zeoli

    (@tonyzeoli)

    If you haven’t already, could you please leave a review of the plugin? Reviews are super helpful.

    Also, please consider supporting the free version with a $5 a month contribution through our https://patreon.com/netmix support page.

    Thanks!

    Thread Starter midwestbroadcasting

    (@midwestbroadcasting)

    Tony,

    I sent you an email via your website support page.

    Thanks,

    Alvaro

    Plugin Author Tony Zeoli

    (@tonyzeoli)

    Oops, the link to Patreon is https://patreon.com/radiostation

    Yes, I picked up your message in the support channel.

  • The topic ‘Unauthorised AJAX Calls via Freemius’ is closed to new replies.