Support » Plugin: WordPress Mega Menu - QuadMenu » [BUG] Doesn’t work after update version 2.0.7 * Fixed. security issues

  • Resolved harry murtie


    the popup login menu Doesn’t work after update
    latest version 2.0.7 * Fixed. security issues

    it say “Please reload page.” but still not loged in,
    work in version 2.0.6 “Login successful, redirecting…”

    • This topic was modified 5 months, 1 week ago by harry murtie.
Viewing 11 replies - 1 through 11 (of 11 total)
  • Seb


    Hi, same for me. i downgrade on 2.0.6 waiting for a fix

    Alex Kladov


    I am almost 100% sure that it has something to do with this change right here.

    They changed the key from nonce to login-nonce & action string from quadmenu to quadmenu-login, but forgot to reflect that change during a security check in this file on line 102.

    I believe line 102 should be updated to this:

        if (!check_ajax_referer('quadmenu-login', 'login-nonce', false)) {

    Also WARNING! DO NOT DOWNGRADE TO v2.0.6! There is an VERY SERIOUS/CRITICAL security vulnerability present in versions below 2.0.7! Hundreds of websites just got hacked because of it (one of my clients did too). So UPGRADE to 2.0.7 IMMEDIATELY and wait for a fix for this problem. It’s better to have a broken login box, than to have your site broken completely.

    • This reply was modified 5 months ago by Alex Kladov. Reason: removed non-working php tag in the markdown code block
    • This reply was modified 5 months ago by Alex Kladov. Reason: fixed broken links
    • This reply was modified 5 months ago by Alex Kladov. Reason: fixed another missed broken link

    I have the same problem! No support response here?

    @arndtk Unfortunately doesn’t seem like they are in a rush to fix this.. so either switch to a different menu plugin or wait till they will fix this up.

    But whatever you do, 100% DO NOT use @sebastienrenaudeau suggestion to downgrade to v2.0.6. There is a very serious vulnerability in Quadmenu versions below v2.0.7, so if you downgrade, your website WILL get hacked. It might not happen immediately, but it definitely will happen eventually – it’s just a matter of time. The security issue they patched up is very serious & hundreds of sites got hacked because of it it.



    Thanks @prowebassist for the explanation of the security problem
    i upgrade the plugin and i fixed the login error, you just forgot a change to make in the file wp-content\plugins\quadmenu\assets\frontend\js\quadmenu.min.js

    Thread Starter harry murtie


    no update from the author after a month?
    change line of the code to this, fixed for me…
    if (!check_ajax_referer('quadmenu-login', 'nonce', false)) {

    hello guys

    we’ve updated the nonce validation system to fix cache issues

    this issue should be solved too

    please test 2.0.8 and pro 1.9.1

    Thread Starter harry murtie


    they fixed the code
    if (!check_ajax_referer('quadmenu_nonce', 'nonce', false)) {
    wp_nonce_field('quadmenu_nonce', 'quadmenu_nonce');


    Where can I find 1.9.1 of the Pro version? Both plugins are showing up to date.

    QuadMenu: v2.0.9
    QuadMenu Pro: v1.8.9

    Still having the “Please reload page” issue.


    Nevermind. I was able to download it from my QuadMenu account. Strange how the update doesn’t show up in WP.

    Updated, but I was still getting the “Please reload page” error.

    Cleared out the CDN cache and it fixed the issue.


    QuadMenu: v2.1.0
    QuadMenu Pro: v1.8.9

    As others I have the “Please reload page” error

    And I don’t see any answer/recommendation form the Quadmenu team. Or maybe there is other thread speaking about that issue and solution?

    I don’t use CDN then no fix for me up to now.

    I bought the PRO Plugin and I suppose more support will come ???

    Please help

Viewing 11 replies - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.