echamings
Forum Replies Created
-
Forum: Plugins
In reply to: [File Manager] Uploads vanish – file type and WP user level relatedThanks, it was indeed wordfence. Sorted now.
BTW, I did email support and put two tickets in as I normally would for Pro support, but heard nothing. So I posted here.
Forum: Plugins
In reply to: [Accordion] Make accordion container more obvious?My thoughts:
https://www.dropbox.com/s/5zpa1gebpt8lswt/accordion%20suggestion.mp4?dl=0
added what it could look like (the Section block mentioned above):
https://www.dropbox.com/s/s17xmz7hb14ndfp/what%20it%20could%20look%20like.mp4?dl=0
Reponse from our IT dept.
“It took me a while to track this down, but our web application firewall is flagging this as a remote execution attack. There does seem to be some indication that this plugin had an XSS vulnerability on <1.6.9, but you have the latest.
Looking at what triggered it:
“Matched Data: \\x0d\\x0a\\x0d\\x0a[/expand found within ARGS:content: We are putting together our Autumn and Winter Training Schdule!\\x0d\\x0a\\x0d\\x0a\\x0d\\x0aThe eLearning Team run a set of courses and workshops to help familiarise you with different pieces of software that will enable you to deliver your courses. Please see below for our course list and links for booking; details for the courses can be found further down this page.\\x0d\\x0a\\x0d\\x0aClick on a course title to learn …”
0d 0a 0d 0a is CRLF CRLF so that would indicate a couple of blank lines so may be innocent, but can be used in an attack: see e.g. https://www.netsparker.com/blog/web-security/crlf-http-header/
I can’t see that in any of the plugin code – the only thing close is the PSD header code in arrows.psd. Are you putting those newlines in yourself, and of so can you leave them out and see what happens?”
Any thoughts? I’m not putting new lines in in any different way than a normal WP page with paragraphs so not sure why this is happening.
just tried both activation methods with the same issue, it was previously on site specific activation but global produced the same result when I actiavted it.
I did also try deleting the plugin and reinstalling it, but this was just via the plugin page and perhaps not much of a deep clean.
No more additional information on the page I’m afraid, its a very simple error as above.
I’ve asked our IT depertment if there is any log showing more, will get back to you with their response.
We’re using the classic editor.
Forum: Plugins
In reply to: [Plugin: WPBook] Stream/Wall Options UnavailableMy fault, mistook Facebook Profile ID for facebook username. Fixed now by following instructions!