Support » Plugin: Testimonials Widget » 4.0.1 Still Breaks Sites

  • michaelsandmichaels

    (@michaelsandmichaels)


    We discovered the sites we had updated to 4.0.1 were not loading the CSS, and we could not log into the back end. Turns out the new version sets a session cookie that then expires, which ModSecurity interprets as (here’s the irony) a cross-site scripting attack! We had to revert to the earlier version of the plugin with the actual cross-site scripting vulnerability to get the sites functional again 😉 If you can stop the plugin from setting cookies or at least add an option to disable them, that should solve the issue.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Same here, breaks normal dashboard login. Only recovery mode possible. Used 4.0.0 version from Git link and it works for now. Blocked updates until fixed. I went with ftp, deleted old testimonials directory and manually uploaded the one from Git.

    michaelsandmichaels

    (@michaelsandmichaels)

    Thanks for the tip on the 4.0.0 version, daspi!

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.