
Nov 25, 2024, 11:49 AM

Recent posts

#21
WordPress Vulnerability / WordPress Gallery Bank plugin ...
Last post by Kailash - Jun 10, 2022, 05:21 AM
WordPress Gallery Bank plugin <= 4.0.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Media Upload Module

Plugin name: WordPress Gallery Bank plugin
Vulnerable versions: <= 4.0.50
Fixed in: N/A (This plugin has been closed as of December 9, 2021)
CVE ID: N/A
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-09

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Media Upload Module discovered by Vishnupriya Ilango (Fortinet FortiGuard Labs) in WordPress Gallery Bank plugin (versions <= 4.0.50).

Solution

Deactivate and delete. This plugin has been closed as of December 9, 2021 and is not available for download. Reason: Security Issue.

Plugin Link: This plugin has been closed as of December 9, 2021.
#22
WordPress Vulnerability / WordPress Product Configurator...
Last post by Kailash - Jun 07, 2022, 07:48 AM
WordPress Product Configurator for WooCommerce plugin Vulnerability

Plugin name: Product Configurator for WooCommerce
Vulnerable versions: <= 1.2.31
Fixed in: 1.2.32
CVE ID: CVE-2022-1953
Classification: Other Vulnerability Type
Publicly disclosed: 2022-06-06

Vulnerability Details

Unauthenticated Arbitrary File Deletion vulnerability discovered by cydave in WordPress Product Configurator for WooCommerce plugin (versions <= 1.2.31).

Solution

Update the WordPress Product Configurator for WooCommerce plugin to the latest available version (at least 1.2.32).

Plugin Link: https://wordpress.org/plugins/product-configurator-for-woocommerce/
#23
WordPress Vulnerability / WordPress WPMK Ajax Finder plu...
Last post by Kailash - Jun 02, 2022, 01:43 AM
WordPress WPMK Ajax Finder plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Plugin name: WPMK Ajax Finder
Vulnerable versions: <= 1.0.1
Fixed in: NA (Not Available)
CVE ID: CVE-2022-1749
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-01

Vulnerability Details

Stored Cross-Site Scripting (XSS) via CSRF vulnerability discovered by Tsubasa Imaizumi (Cryptography Laboratory in Tokyo Denki University) in WordPress WPMK Ajax Finder plugin (versions <= 1.0.1).

Solution

Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: https://wordpress.org/plugins/find-any-think/
#24
Fixing WordPress / Re: WordPress Fatal Error
Last post by Kailash - Feb 28, 2022, 02:20 AM
It seems that there is an issue on the server and your PHP script execution is exceeding its allowed 30 seconds. Usually WordPress does not take that much time to load. Something should be wrong on the server and your hosting provider should be able to help you.

- Kailash
#25
Fixing WordPress / WordPress Fatal Error
Last post by Chris - Feb 28, 2022, 02:00 AM


Hello

I keep getting a fatal error message on my website. I'm not sure what has happened as it was working yesterday and I did not add any updates.

'Fatal error: Maximum execution time of 30 seconds exceeded in /home/myuser/wp-includes/class.wp-dependencies.php on line 256'

I am also unable to log in – it states 'Error: The password you entered for the username is incorrect' and cannot recover the password. The login page also takes long to load.

Any help would be appreciated.
#26
Fixing WordPress / Re: Error in Site Health Statu...
Last post by Kailash - Feb 28, 2022, 01:59 AM
Following are the answers:

[1] We recommend that you update PHP

> If you have an option to change PHP version in your control panel, you can select the higher supported PHP version.

[2] One or more recommended modules are missing

> You will need to contact your hosting provider to fix this.

[3] A scheduled event has failed

> It seems that your WordPress virtual cron is disabled. You can use cPanel cron as mentioned here to fix this.

- Kailash
#27
Fixing WordPress / Error in Site Health Status in...
Last post by Chris - Feb 28, 2022, 01:59 AM
Hi,

I am hosting a WordPress website on shared hosting and the WordPress site health status shows the following three notifications:

3 Recommended improvements

[1] We recommend that you update PHP

[2] One or more recommended modules are missing

[3] A scheduled event has failed

How can I fix them?
#28
Fixing WordPress / PHP 7.2.19 Bug PHP Fatal error...
Last post by Kailash - Feb 28, 2022, 01:58 AM
Hi,

Recently, the PHP community released an update for PHP 7.2.19. After this release, many users reported an issue related to a PHP memory error and started receiving the following error:

PHP Fatal error: Allowed memory size of 536870912 bytes exhausted (tried to allocate 999999999999999 bytes).

This is a bug in PHP 7.2.19. As an alternative solution, you can switch your website's PHP version to PHP 7.3 if it is compatible and available on your server.

For more details, you can refer to the following URL:

https://bugs.php.net/bug.php?id=78103

- Kailash
#29
Fixing WordPress / Re: Redirect to HTTPs in WordP...
Last post by Kailash - Feb 28, 2022, 01:57 AM
Hello,

You can follow the below procedure:

[1] Make sure that SSL is installed properly on your website.

[2] Update your URL from your WordPress Admin area -> Settings -> General

[3] If you are on a Linux server with Apache, you can use .htaccess to force a redirect from HTTP to HTTPS using the following .htaccess rule:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For more information on forcing HTTPS redirection, you can refer to the Redirect HTTP to HTTPS rewrite rule KB article.

- Kailash
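
Added example, not part of the original post: a hardened variant of the .htaccess rule above for two cases the basic rule does not cover. It assumes mod_rewrite is enabled, that any TLS-terminating proxy or CDN in front of the site sets the X-Forwarded-Proto header, and uses www.example.com as a placeholder for the site's canonical hostname.

```apache
<IfModule mod_rewrite.c>
RewriteEngine On

# Case 1: Apache terminates TLS itself.
# %{HTTPS} is "off" only for plain-HTTP requests.
RewriteCond %{HTTPS} off

# Case 2: TLS is terminated by a proxy or CDN (assumption: it sets
# X-Forwarded-Proto). Apache then sees every request as plain HTTP, so
# checking %{HTTPS} alone would redirect forever. Only redirect when the
# proxy did not report the original request as https.
RewriteCond %{HTTP:X-Forwarded-Proto} !https

# Both conditions must match (RewriteCond lines are ANDed by default).
# The target uses a fixed hostname (placeholder) instead of %{HTTP_HOST},
# so the redirect never reflects a client-supplied Host header.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]
</IfModule>
```

Place this block above the "# BEGIN WordPress" section of .htaccess so the redirect is evaluated before WordPress's own rewrite rules.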
#30
Fixing WordPress / Redirect to HTTPs in WordPress
Last post by Chris - Feb 28, 2022, 01:55 AM
Hi,

I have enabled SSL for my website and now I want to redirect it to HTTPS. How can I do it? I don't want to mess up as this website is live.

Thanks,