Dragonfly-CA

Hello,

Here is the response I received from Flywheel.?

Knowing of this security vulnerability in your code gives me pause to use it. If this is something that you will be fixing in the very near future, I will be more than happy to continue using FluentCRM PRO, otherwise I will use an alternate CRM.

I’ve shared your plugin with quite a few clients and we all love it! I sure hope you find a way to address this critical issue.

Thank you,

Sep 13, 2024, 3:02?AM CDT?

Dillan here with Flywheel support, happy to help.

I’ve spent some time digging into this with our infrastructure team, and it looks like this may be related to the?X-Http-Method-Override?header.

This header is used to allow POST requests to override the method type.?This header is disabled across our platform as it opens up potential vulnerabilities.

I would recommend reaching out to Fluent Form’s development team to confirm if they use this header – if they do, they may need to implement an alternative method of achieving this, so the plugin remains compatible with our platform.

If they need any further information from our end, feel free to pass along the email?[email protected]?so they can liaise with us directly ?? It’d be best if they mention this ticket number?15237500?for reference.

Do let us know if there’s anything further at all we can do on our end to assist in the meantime.

After restoring my site to a previous version, the issue still remains, so it WAS NOT the latest FluentCRM update. I have once again contacted Flywheel and they said they are escalating a ticket.

I saw that post and reached out to Flywheel (before posting here) and they confirmed they DO NOT block PUT requests.

What changed in this last update? FluentCRM worked perfectly fine before then and has been hosted on Flywheel since its inception.

What version of Listify are you using?

I just turned off my CDN and the form works fine now (no “Invalid Image Path” error).

That said, it would be nice to be able to use a CDN as we were able to in the past.

@bestranger You may want to follow this thread, its similar.

https://www.ads-software.com/support/topic/invalid-image-path/

Yes, someone still uses your plugin – Thank you!

After 7 years, we’re finally upgrading our website, but we still need to maintain the Plogger collections. Here’s the link:

https://pfmagazine.com/a/

We use Plogger in our Winners Gallery here: https://pfmagazine.com/p-gallery/
(Thanks to your plugin it works just fine).

I’m not sure how I would transfer 12 collections, 48 albums, 21119 images, and 1664 comments to a new gallery plugin.

The site reads just fine when the plugin is deactivated. I’ve double-checked, and yes the database is UTF-8.

Thank you so much for any help you can give.

All my best,
~ Tamra

Oh goodness, how did I not see that.

That was it. Thank you so much!

Yes, I’ve changed that in Advanced Settings and it works fine in all ways — except for the Sign Up link on the Requires Membership message.

The Sign Up link even defaults to the ORIG permalink when I have permalinks turned off in the WP settings. Makes no sense.

Fixed It!

It was the reCaptcha plugin hide mail feature that was not allowing email addresses to be passed along to PayPal.