Ate Up With Motor
Forum Replies Created
Forum: Plugins
In reply to: [WP Accessibility Helper (WAH)] Broken Access Control vulnerability
You might need to inform Patchstack that it’s been patched: They’re still flagging it (even though they specify the issue as version 0.6.2.8 and below) and listing it as “no fix has been released.”
I tried again a little while ago to add another ban, and this time it worked the way it was supposed to. Not sure what to make of that, but it seems okay now.
@shanedelierrr – On the first point, I want to stress that the screen is actually blank for me after entering a new IP ban. There’s no text, no input boxes, no indication that the initial IP address entered has been added to the list, no confirmation, and no error messages. The behavior you describe would make sense, but that isn’t what’s happening for me.
Great, thanks for clarifying that for me!
Forum: Reviews
In reply to: [Search Exclude] Avoid, find a fork
I’m no longer using any of your firm’s plugins, and your unprofessional responses make clear that was the right decision.
Forum: Plugins
In reply to: [Search Exclude] Dashboard widget removal
Wow, a totally unacceptable response. I have removed your plugin and will no longer use any plugin or theme from your firm.
It looks like the Google Fonts are gone on the latest update, but switching to the Dashboard view still changes the font of the entire WP Admin Dashboard (including the left and top menus), so I’m wondering if there’s an unclosed tag somewhere on that screen.
Great, that seems to have done the trick! Thanks so much.
I contacted the plugin developers (https://www.ads-software.com/support/topic/google-fonts-on-dashboard/), who said they would look at removing the API call from future updates.
Glad to hear it, thank you!
Great, thanks!
Thanks!
@dsl225 Ahh, I see what you’re saying. I was able to get it to work this time. Thanks!
As far as I can see, the free plugin supported here doesn’t provide any option to mute the notification, and it sounds like the WordPress core team doesn’t consider this a priority, so… users of the free version of the iThemes Security plugin will just have to put up with getting this notification (of a vulnerability that doesn’t affect anyone who’s turned off XML-RPC) indefinitely, with no way to mute it or resolve it?
This seems like bad security culture, frankly.
I’m wondering about this as well — I just got the same warnings.
It also appears from the linked article that this vulnerability can be mitigated by disabling XML-RPC and/or turning off pingbacks, which seems like it would be good information to include with such a blood pressure-raising warning.
Ack, I’d forgotten all about that.