fotinos

Thank you so much for the reply!

Is there a way to know a little more about this?

For example, what information about recent transactions and how do I know whether my store got affected?

Again, thank you so much! Best,

Hi @rainfallnixfig – thank you for the quick response!

Wanted to ask one more question before going through the effort of sharing the logs.

This is not an ongoing error. It only appeared WHILE I was updating Woocommerce and there are no additional logs or any errors / warnings under the system status. Now that woocommerce is updated to the latest version there are no additional errors.

Could that error just be normal behaviour, considering it only happened while I was updating woocommerce to the latest version?

Thank you for this fantastic software!

Best,

• This reply was modified 2 years, 7 months ago by fotinos.

From what I see @ https://wpscan.com/vulnerability/cb232354-f74d-48bb-b437-7bdddd1df42a

Is it correct to assume that an admin needs to be logged in to the WP site for the “Reflected Cross-Site Scripting” to occur?

Thank you for your time and again, thank you for the great plugin!

Happy new year Gregory!

Just did. It solved all the issues I had! Yayyy

Any ideas on how to bring it back without issues?

Best,

Hi! I see. Yes, I have. Does that give us a clue?

Hi – thank you for the reply,

I have very few plugins installed. The only one I can think of is woocommerce.

Could it be related to caching from my hosting?

Forgot to mention that in the Activity tab I get the indication “Invalid Cookies Cleared”. Also, just whitelisted my IP to not have the login attempt limit until the issue is solved.

It’s exactly the same error! I didn’t have any issues with orders thought..!

@hellionz thanks for reaching out too! Is your issue also related to mercadopago?

I know and have updated.

My concern is how I can know whether the vulnerability has or not been exploited on my site. Any clue?

I have contacted my managed hosting and they say they scanned my site and it’s clean, as are the log files from the last days.

But is that enough? Do exploited vulnerabilities like this one leave traces?

I’m also waiting for further info from WooCommerce.

Again, thank you for your time! Best!

Thank you Adam! That’s clear ??

NOT urgent anymore

Well, I’ll explain a bit more. There was a reason citadel mode was on. Since this morning I had bots continuously trying to login or according to your plugin access pages that weren’t allowed to. And thus citadel mode for an hour, then 5 minutes of continuous requests, then citadel mode again.

Now I changed the login page url along with a few extra “proactive security rules” + resseted cache from my hosting end and the requests stoped which means no need for citadel mode anymore.

But when I was in citadel mode ordering with woocommerce was not possible. Is that normal or you still think it’s a settings issue? I make very minimal use of pluggings and none with similar or same functionality as this one.

Having said all that I also want to express how thankful I am for the existence of this plugin.

Let me know,

Did they change the core files? That’s an insanely inappropriate way of providing hosting services.

These 2:

– /wp-admin/includes/upgrade.php
– /wp-settings.php

Also after I activated 2FA I had a bug or maybe caching issue. I created a user to activated it there first so I can do it on my admin user second. What happened when I logged in as this user:

1. I logged in with the name and pass
2. Then saw the actual homepage of the site (I don’t think I was logged in since the top WP bar was missing and also woocommerce wasn’t saying “no products in the cart”, not sure why though.
3. Went to /admin.php to figure out whether I actually logged in and that’s when the 2FA of Cerber kicked in.

Then activated 2FA for my user, deleted the other one and haven’t seen this issue again. Any clue what it was?

I searched within these 3 files and they contain flywheel comments in them so that must be the “Checksum mismatch” I see. For the rest it says “local file does not exist” (in my language) which I assume in English means “integrity data is not available”. I think it’s all fine.

Again, thank you for your help.

Okay, disabled / deleted the other plugin and used Cerber for the purpose ??

Still not 100% sure why my IP got blocked earlier but also learned that WP automatically logs you out after changing your own pass. I don’t see any suspicious activity in the log so I think I’m good.

I also have a last question, if you have the courage to answer it ?? . After running the quick scan of Cerber I see a lot of problems and 3 high prio ones.
– The date on the right side of the overview for these entries is before I even launched the site! (what does the date mean?)
– My managed hosting (flywheel) might be adding some code here and there on their installations
– one of the issues is on /wordpress/wp-includes/version.php which is a very short file and I really don’t see anything suspicious about it.
– I’m not using English on the front end of my installation
Could that all mean I can ignore these issues?

Gioni thank you for your help.