inceweb
Forum Replies Created
Also being reported by Wordfence (same CVE-2023-47519 via patchstack.com):
WooCommerce Product Table Lite <= 2.6.2 – Cross-Site Request Forgery (wordfence.com)
The description isn’t terribly helpful:
“The WooCommerce Product Table Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.”
I note that the same researcher has posted dozens of CSRF and XSS vulnerabilities in the past few weeks, which may be output from an automated scanning tool.
In answer to warby15’s question “Is this something to be concerned about?” – as an alert WordPress admin, probably not.
Here’s how we fixed it:
(1) Enabled General Settings > Performance & Debug > Clear caches actively.
(2) Deleted and recreated any glossary items still showing with alphanumeric tooltips.
Tooltips worked perfectly before. Unfortunately we can’t say exactly when they stopped working.
Thank you for the prompt reply.
If we disable “Move tooltip contents to footer?” we no longer get tooltips in the WooCommerce single product pages. We still get tooltips in glossary entries but they still show as random sequences of characters.
Toggling “Load the scripts in footer?” does not appear to make a difference.
Note that we are clearing the Jetpack cache and “Empty cache and hard reload” on the web browser between setting changes.
What would be classed as a “page builder”? We use Gutenberg but none of the usual suspects – Divi, Elementor etc. We do use Husky Products Filter Professional to “Ajaxify” the site but disabling this plugin doesn’t fix our tooltip problem.
Forum: Plugins
In reply to: [NP Quote Request for WooCommerce] PHP error in 1.9.105 took site down
Wow! Things certainly move fast at Neah Plugins – we have updated to version 106 and it has fixed the issue.
Thank you!
- This reply was modified 2 years, 8 months ago by inceweb.
Forum: Plugins
In reply to: [NP Quote Request for WooCommerce] Invalid payment method.
Rolled back to 1.9.80 and then upgraded to 1.9.90 which seems to have fixed the problem.
Suspect that deleting and re-installing the plugin would have achieved the same outcome, but we may have had to repeat the setup, wording for quotations, etc. so tried this first.
It seems like the “Quote Request” payment method wasn’t being properly recognised within the Woo backend.
Forum: Plugins
In reply to: [NP Quote Request for WooCommerce] Invalid payment method.
Hi,
We can confirm that RFQ mode is selected and that the required payment method is enabled, but as noted in our original post there is some odd behaviour: we have to click on “Save changes” on payment methods before the “Quote Request” payment method becomes visible.
See screenshots.

And after “Save changes”:

I would like to see this feature too.
Yes, we would like to see tooltips on the product categories archives and blog post archives as well as the home page & shop page.
Site info:
Thank you for the reply.
The problem is in the backend. The screenshot is from WooCommerce Edit Products, the Product data panel, Attributes tab.
Perhaps it’s worth noting that both Attributes and Products are post types in WooCommerce. I have term highlighting enabled for Posts, Pages, Products and Glossary Items.
Toggling the “Move tooltip contents to footer?” setting (and clearing caches) makes no difference.
I’ve experimented a little more, and enabling “Only show terms on single posts/pages” does fix the problem (but removes tooltips where they are actually most useful for our purposes).
I’m not really sure why the extension is attempting to insert tooltips in the backend.
Discussing this with a colleague, we’re both pretty sure that the issue was introduced in a recent update to CM Tooltip Glossary – it certainly wasn’t a problem in November 2022.
I hope this helps.
Yes, I see that now, thank you. For anybody else struggling with this, you will need to switch to a different theme before you can access the position controls in the settings for WPC Compare and WPC Wishlist. Not sure if that is a bug or a feature.
Forum: Plugins
In reply to: [CM Tooltip Glossary] Sticky tooltip after second hover
I can confirm that this is fixed in 4.1.3 – thank you for the prompt response.
I didn’t mark it as resolved, somebody in your team did or it was auto-closed.
Yes, the problem still exists, and is reproducible. Sadly there doesn’t seem to be a way of pasting a screenshot here.
Using the Storefront theme.
Just to be clear: the italicisation of the bullets is only present when using the block editor, not in the front end of WordPress. It’s a minor issue, but makes judging sizing etc. awkward.
I didn’t spot the issue anywhere else. I’ll stay at 2.0.13 until the next version is available for testing.
There is an unrelated issue with the icon list block, but I’ll log that separately when I have a moment.
Thanks again for your help.