pracko

The error log indicated the problem lies within another plugin so I will have to take a look there.

Thank you.

Thank you for this update and detailed answer, @wpdatatables !

I’ve had the free version for months with no critical vulnerability warning from Wordfence until just now. There appears to be a NEW security issue with the FREE version of the plugin now.

Wordfence is reporting a critical vulnerability re Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’). @007me , the pinned post I believe you are referring two was from 12 months ago, but this critical warning is a new one for me and could be due to something else completely.

Details: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdatatables/wpdatatables-tables-table-charts-premium-631-unauthenticated-sql-injection

I hope the devs will look into this and issue a patch ASAP.

Great, thank you Guido!

The plugin code suggested in Reply #83 by @vanko here fixed the issue, but this is less than ideal from a security standpoint. Perhaps the devs of Post Snippets can code a fix for this plugin that is more secure.

Awesome, thank you so much!

I found a solution shortly after posting my question and am posting it here so I can close this thread as ‘resolved’.

I used the ‘Find My Blocks’ utility plugin to find all the pages where Spectra blocks were being used.

Thanks for the explanation, Joe. Will manually reconcile these.

• This reply was modified 1 year, 1 month ago by pracko.

Great news, thank you!

Yes, I was duplicating, not copying.

However, I neglected to mention that I was doing this inside the Footer template of the Front Page page template (using the new FSE site editor in WP 6.3).

To overcome it, I created a Synced Pattern, and then added the pattern to the Footer.

Now I can duplicate GB buttons and they each have a unique class so as to be styled independently.

All the best, Paul

Great to know, thanks!

Same here.

Per WordFence Intelligence: “The Slider a SlidersPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_spaios_save_attachment_data function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to modify the metadata of an arbitrary WordPress Media Library attachment.”

Please fix. Thanks!

Yes, I’m also getting the same warning from WordFence. Hopefully an update for this plugin is coming soon.

• This reply was modified 1 year, 6 months ago by pracko.

Yes, this is the Spectra Form block; specifically the international calling code field that is included with the phone field. See screenshot:

https://imgur.com/a/bLdi8Ck