Nico Demus
Forum Replies Created
Yeah I don’t like it either … I think I will throw all BWS plugins out and replace them with different ones.
Forum: Plugins
In reply to: [Photo Gallery, Images, Slider in Rbs Image Gallery] Security vulnerability?
I would love to know that as well. Since it is an XSS vulnerability, I expect the plugin to be thrown out soon if there will be no sec patch in time.
Awesome, Pascal, and many thanks!
I am going to wait. The developer of this plugin is a Dutch guy and I think reliable. His website is up and running and also got the information for the plugin.
It would be helpful to receive more information from the WordPress team, why this plugin is abandoned and pending a new review.
Okies, thanks for the clarification.
I am not talking about the automatically generated email, that is fine.
I am talking about the possibility, that they have access to the menu
Subscribe2 -> Send Email -> Choose Recipients All registered Users
That means, that each author-user is able to send an email via WP to all users.
Is this wanted?
Forum: Plugins
In reply to: [wpForo Forum] ADD TOPIC button no function
The problem was caused by a different plugin that was loading some ajax google class in http and not in https. Problem solved with the help of the gVectors Team to target the issue. Thanks. Solved!
Forum: Plugins
In reply to: [wpForo Forum] ADD TOPIC button no function
I registered, but it does not give a confirmation and it does not let me log in with the given username+pw; it doesn’t even give me a message about why or why not.
However, if you force SSL on the domain name you will probably see what I mean when you try to add a topic and try to use other function links in wpForo.
Forum: Plugins
In reply to: [wpForo Forum] ADD TOPIC button no function
Hi,
checked but SSL makes a difference when it comes to the function of the buttons.
Stepped through all the points, does not let me use the add topic button, or in the overview it doesn’t even open the “Recent Topics”. As soon as I do not force SSL and change the URLs from https:// to http:// in WP settings, all works fine.
Forum: Plugins
In reply to: [wpForo Forum] ADD TOPIC button no function
Okay I found the reason.
The Add Topic button is only working when the site is accessible via https://
If it is running on https:// with an SSL certificate, the function to add a topic is not working.
Please add SSL support ??
Also found some interesting stuff in the Apache access.log, time-related to the incident and related to the SimplePie stuff:
nn.nnn.nnn.nn - - [01/Jun/2016:12:15:24 -0500] "GET / HTTP/1.1" 200 37470 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\\disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5
nn.nnn.nnn.nn - - [01/Jun/2016:12:15:27 -0500] "GET / HTTP/1.1" 200 37375 "-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\\disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5
nn.nnn.nnn.nn - - [01/Jun/2016:12:15:29 -0500] "GET //sqlibak.php HTTP/1.1" 302 417 "https://www.googlebot.com/bot.html" "Mozilla/5.0 (compatible; Googlebot/2.1; +https://www.google.com/bot.html)"
nn.nnn.nnn.nn is a French blacklisted IP, could be related to the Joomla platform, but SimplePie can also be found in WordPress.
Stepped through all .php files that showed the @ $ GLOBALS [$ GLOBALS [ stuff and deleted them manually. The root server is running Debian Wheezy with the latest sec updates, secured with ossec, checked with chkrootkit, rkhunter, unhide, showing no rootkits at all or processes that listen to any ports that would be an incident for a backdoor installed.
It seems that either a plugin is/was offering that incident or that it might have been caused by the latest ImageMagick exploits maybe.
The most recent article about it I could find is related to the Hack.lu CTF 2014: Next Global Backdoor I have found, it seems that they use those .php files to send out SPAM.
Since the .php files were deleted I see nothing new in the logs and postfix has been idle since.
All source IPs that used to access those .php files have been blocked by the firewall by now and are added to the fail2ban jail filters as well.
Checking the incremental daily backup logs for the next 30 days to see what files are changing, and if anything occurs I will update my post.
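
A log check for the pattern in the access.log lines quoted above, as an added example that is not part of the original post: it flags entries whose request line, Referer or User-Agent carries PHP serialized-object markers of the form O:<len>:"<Class>". The sample lines, the 192.0.2.x addresses and the function names are constructed for this example.

```python
import re

# Apache "combined" format; quoted fields may hold backslash-escaped quotes.
FIELD = r'"(?P<%s>(?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ' + FIELD % "request"
    + r' (?P<status>\d{3}) \S+ ' + FIELD % "referer" + " " + FIELD % "agent")
# PHP serialized object header: O:<name length>:"<ClassName>":<property count>:
OBJ_RE = re.compile(r'O:(\d+):\\*"([A-Za-z_]\w*)\\*":\d+:')

def serialized_classes(text):
    """Class names from markers whose declared length matches the name."""
    return [name for n, name in OBJ_RE.findall(text) if int(n) == len(name)]

def scan(lines):
    """Return one hit per log field that contains serialized PHP objects."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Truncated or malformed entries do not parse: scan the whole line.
        fields = ({k: m.group(k) for k in ("request", "referer", "agent")}
                  if m else {"raw": line})
        for field, value in fields.items():
            classes = serialized_classes(value)
            if classes:
                hits.append({"ip": line.split(" ", 1)[0],
                             "field": field, "classes": classes})
    return hits

# Constructed sample input: one complete entry, one benign, one truncated.
SAMPLE = [
    r'192.0.2.10 - - [01/Jun/2016:12:15:24 -0500] "GET / HTTP/1.1" 200 37470 '
    r'"-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";'
    r'O:17:\"JSimplepieFactory\":0:{}}"',
    '192.0.2.20 - - [01/Jun/2016:12:16:02 -0500] "GET /wp-login.php HTTP/1.1" '
    '200 2312 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'192.0.2.10 - - [01/Jun/2016:12:15:27 -0500] "GET / HTTP/1.1" 200 37375 '
    r'"-" "}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:2:\"fc\";O:9:\"SimplePie\":5',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
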
Thanks for the quick reply.
I got the same incident. From around 20 WordPress sites, half show that behaviour!
Forum: Plugins
In reply to: [Hana Flv Player] Full screen problem with mediaelement.js and firefox
I see the fullscreen issue on my internet explorer 10.x as well. Will there be any update soon by Hana?
Not a big issue but well, it would be much better if it works ??
Forum: Plugins
In reply to: [SI CAPTCHA Anti-Spam] The new SI Captcha update seems to be broken
Have the same problem with giving me ERROR: Unreadable CAPTCHA token file at the Login Form.
To chmod the folder to 777 didn’t help.
Had to delete it on file level out of the plugins folder since it didn’t let me log in to deactivate it.
Latest versions of WP as well as from Plugin.