Seb
(@sebastienrenaudeau)
Hi, same for me. i downgrade on 2.0.6 waiting for a fix
I am almost 100% sure that it has something to do with this change right here.
They changed the key from nonce to login-nonce & action string from quadmenu to quadmenu-login, but forgot to reflect that change during a security check in this file on line 102.
I believe line 102 should be updated to this:
if (!check_ajax_referer('quadmenu-login', 'login-nonce', false)) {
Also WARNING! DO NOT DOWNGRADE TO v2.0.6! There is an VERY SERIOUS/CRITICAL security vulnerability present in versions below 2.0.7! Hundreds of websites just got hacked because of it (one of my clients did too). So UPGRADE to 2.0.7 IMMEDIATELY and wait for a fix for this problem. It’s better to have a broken login box, than to have your site broken completely.
-
This reply was modified 5 months ago by
Alex Kladov. Reason: removed non-working php tag in the markdown code block
-
This reply was modified 5 months ago by Alex Kladov. Reason: fixed broken links
-
This reply was modified 5 months ago by Alex Kladov. Reason: fixed another missed broken link
I have the same problem! No support response here?
@arndtk Unfortunately doesn’t seem like they are in a rush to fix this.. so either switch to a different menu plugin or wait till they will fix this up.
But whatever you do, 100% DO NOT use @sebastienrenaudeau suggestion to downgrade to v2.0.6. There is a very serious vulnerability in Quadmenu versions below v2.0.7, so if you downgrade, your website WILL get hacked. It might not happen immediately, but it definitely will happen eventually – it’s just a matter of time. The security issue they patched up is very serious & hundreds of sites got hacked because of it it.
Seb
(@sebastienrenaudeau)
Thanks @prowebassist for the explanation of the security problem
i upgrade the plugin and i fixed the login error, you just forgot a change to make in the file wp-content\plugins\quadmenu\assets\frontend\js\quadmenu.min.js
no update from the author after a month?
change line of the code to this, fixed for me…
pro\includes\advanced.php
if (!check_ajax_referer('quadmenu-login', 'nonce', false)) {
hello guys
we’ve updated the nonce validation system to fix cache issues
this issue should be solved too
please test 2.0.8 and pro 1.9.1
they fixed the code
pro\includes\advanced.php
if (!check_ajax_referer('quadmenu_nonce', 'nonce', false)) {
pro\includes\frontend
wp_nonce_field('quadmenu_nonce', 'quadmenu_nonce');
closed
Where can I find 1.9.1 of the Pro version? Both plugins are showing up to date.
QuadMenu: v2.0.9
QuadMenu Pro: v1.8.9
Still having the “Please reload page” issue.
Thanks!
Nevermind. I was able to download it from my QuadMenu account. Strange how the update doesn’t show up in WP.
Updated, but I was still getting the “Please reload page” error.
Cleared out the CDN cache and it fixed the issue.
Hi,
Having
QuadMenu: v2.1.0
QuadMenu Pro: v1.8.9
As others I have the “Please reload page” error
And I don’t see any answer/recommendation form the Quadmenu team. Or maybe there is other thread speaking about that issue and solution?
I don’t use CDN then no fix for me up to now.
I bought the PRO Plugin and I suppose more support will come ???
Please help
