nilar

I have not it installed right now. But I thought you wanted to know. It is an easy fix, just move a </div> before the pagination (only in the archive page). It is especially evident when you use page navi.

Never mind. I forgot to put a value in the Product Type taxonomy that is mandatory in woocommerce.

ok, thanks.

I reinstalled and it stopped. Thanks.

Hi, I have checked the post table in the db and it actually shows that the store manager page gets modified (last update a few minutes ago according to post_modified column). So the security plugin is right in notifying the change.

May you check in your demo installation whether that happens there too?

Unfortunately this started again. Have you figured what the cause could be? What’s new in the plugin that is triggered by site visitors?

I am not receiving any additional email now. I’ll keep you posted.

I’m not sure why that happens. I only know that I received like 500 emails already and I would not like to disable the security plugin feature.

As you noticed there is only a shortcode in the page, so I don’t know why the page should be updated at any visit.

Hi,

I didn’t mean that this was a security issue.
I meant that after the last update this plugin interferes with security plugins that detect unwanted changes in WordPress installations. The result is that a webmaster who wants to get email notices of unwanted changes in the posts, now ends up in getting tons of emails.

Same here.

The plugin developers promptly resolved this issue and have lined up a new release on Monday, the 18th of February, 2019. All Abandoned Cart Lite for WooCommerce plugin users are urged to update.

Well I think it is common issue of the plugin I mentioned, but I won’t give further details here about how the hack is done. However I strongly suggest to remove the plugin until it is not updated. I contacted the plugin developer too.

An administrator can basically do anything with your site. The most obvious things are creating SEO spam links and phishing pages or put a malware that would infect your visitors’ computers. But in this case, targeting e-commerce websites, they can even change the payment details and get paid for the products you sell until you realize it.

After further investigation I think that the issue was related to the Abandoned Cart Lite for WooCommerce plugin.
I will close this for now.

In my case this user was created the exact same moment that I updated this plugin. The coincidence is at least a bit strange.

Hello,

Just a quick follow up to check whether this has been resolved somehow, as I’m getting this warning 7 times in the add product page of the vendor

Warning: in_array() expects parameter 2 to be array, string given in …/wp-content/plugins/wc-vendors/classes/admin/class-admin-users.php on line 196