capsrock

WordFence is also reporting this issue and suggesting deactivation and removal of the plugin because of a cross-site scripting vulnerability. The documentation is stating that the nonce declaration is missing in a function call.

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.75. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/royal-elementor-addons/royal-elementor-addons-1375-cross-site-request-forgery

• This reply was modified 1 year, 2 months ago by capsrock. Reason: Added more information

Had the same problem. Used cpanel to access the database. In the usermeta table I changed the nickname to what I want my non-admin username to be. In the users table I changed the user_login and user_nicename to the same as what I set the nickname to. I use WordFence so it blocked me when I previously tried to sign in using an unrecognized username. I did a request to unlock and then before trying to sign in, used the “Lost your password” link and reset the password. Worked like a charm.

I had this same problem with WordPress installations that were installed in directories on my sight. I noticed that when I clicked the accept button, it was putting the directory name twice in the url. Removing one of the directory names from the url allowed it to work.

Example: https://www.website.com/wordpress/wordpress/wp-admin/admin.php?page=googleanalytics&accept-terms=Y

Yes. Both have green check marks and OK next to them (http and https).

I didn’t see anything in the console or error logs however this showed up in the WordFence Live Activity box: Scan terminated with error: We received an error response when trying to contact the Wordfence scanning servers. The HTTP status code was [502]

Updated to WordPress 4.5.1 – didn’t seem to correct the problem. Still unable to change any options. Tried turning off the firewall but that did not help either.

This solution fixed my problem of not being able to run a scan. The most current version of php available on my server is 5.3. This may be the issue. They never seem to be in a hurry to update the vinstall library.

I’m taking my config settings down now. Makes me feel like my underwear is showing or something.

Here

For what it’s worth, I’m seeing a massive increase in bogus login attempts today (Thursday 4/9/15).

5.3.8 works. 5.3.11 does not. Will not let you run scan for sites that plugin has been upgraded and will not issue an API key for new installations.

I’m noticing that my sites that I have not updated WordFence on will scan. Once I run the plugin update for ver. 5.3.11 I get the HTTP STATUS CODE [0] message.

I opened the sidebar.php file and removed the following code from the top of the file and it fixes the problem.

<?php do_action( 'before_sidebar' ); ?>
<a href="#" class="close-sidebar"></a>
<div class="sidebar-nav">
<?php wp_nav_menu( array( 'container' => false, 'theme_location' => 'primary', 'menu_class' => 'menu clear-fix') ); ?>
</div><!-- /.sidebar-nav -->

Same issue here. Sidebar widgets are gone after upgrading.

I had the same issue. Installed the plugin, created a map and tried to add a marker but there was no way to save the marker.