Craig at Smash Balloon
Forum Replies Created
Hey kodeplay,
I found your ticket and responded with some things I think will solve your concerns. We can follow up with you there as this is related to the Pro plugin.
Thanks,
Craig
Thanks again for your thoughts! You will notice improvements in future updates.
Thank you for the feedback and we understand your concern! We take the security of your site extremely seriously and do understand the sensitivity of functionality in a plugin that creates a temporary login capability. The code was reviewed by our in-house security researcher before being approved for launch and the general concept was reviewed by our security team before development began.
The capabilities of the logged-in user are extremely narrow and would not give any unapproved access to your site.
That being said, we don’t want to alarm our users, as seems to be the case here. We are considering your suggestion to make this a separate plugin that users can install with the direction of a support representative.
Also, this is related to something that is specifically in our paid pro plugin. As such I’m not sure if the moderators will allow this post here. We will be happy to follow up with you within our ticketing system!
Thanks for reaching out! We are nearly finished with a basic feature of what you are asking about. Look for a response from one of our support reps with further instructions.
– Craig
Hey again!
This feature makes a lot of sense and we have added it to our features plans. In the meantime, can you submit a support ticket and reference this review? We would love to help you get this set up on a basic level as soon as next week.
Here is a link:
https://smashballoon.com/support/
– Craig
Hey Dipak,
Thanks for sending the log!
We discussed this issue as a team and determined that this was likely a random attack and was not trying to exploit anything specific in our plugin. From what we can tell from your report, there was data sent using a POST request to a JavaScript file. Our JavaScript file does not process POST data. The specific piece of data is also not using a key that is processed anywhere in our plugin.
We are reviewing our plugins for SQL injection vulnerabilities to be safe but don’t think this attack would have any possibility of success.
Let me know if you have more questions.
– Craig
Hey Dan,
Sorry to hear that you had an attack! Were there any other details about what the attacker was trying to do? This alone doesn’t give any hints.
There aren’t any known vulnerabilities in the plugin. We would definitely like to look into it if you have any more information though. Here is a link to our support form on our website if you can provide anything further:
https://smashballoon.com/support/
Thanks,
Craig
No worries! We have a free version option: https://snipboard.io/hlb7fG.jpg
Hmm in that case it might be something we would need you to submit a support ticket for. Can you contact us on our website?
https://smashballoon.com/instagram-feed/support/
Our support team will take a look!
If you did what you’re saying, then yes you could edit the follow color from the customizer. I think that could be what you want! Maybe this explanation will clarify:
The shortcode [instagram-feed] will use all of the settings from the “Legacy” feed you edit using the backend customizer.
The shortcode [instagram-feed followcollor="#6ab"] will use all of the settings from the “Legacy” feed except for the follow button color, which would always be #6ab unless you change it in the shortcode.
Does that make sense? Let me know if you need more help!
The plugin will still override settings set in the backend customizer with settings in your shortcodes. Do the feeds you are having trouble with have something like this in the shortcode?
[instagram-feed followcollor="#6ab"]
If so you would need to update the shortcode to change the color or remove the followcollor setting from the shortcode if you wanted to use the customizer to make changes.
Let me know if this isn’t the issue! I tried to replicate it on my end but couldn’t.
– Craig
Hi Steve,
You are right with both of these items! We will address this in an update coming out this week.
Thanks for letting us know.
– Craig
Sorry for the issue here Steve!
It seems there is a bug in our code that is reporting errors that don’t exist. We will fix this in an update. I see that your images are displaying on your site now. Did you still need any help?
Thanks,
Craig
Forum: Plugins
In reply to: [Smash Balloon Social Photo Feed – Easy Social Feeds Plugin] 2.6 Issues
Sorry about the issue! We just pushed out a fix in version 2.6.1. If you update then this problem will be fixed. We sincerely apologize for the inconvenience!
– Craig