Title: patrick1994's Replies | WordPress.org --- # patrick1994 [ ](https://wordpress.org/support/users/patrick1994/) * [Profile](https://wordpress.org/support/users/patrick1994/) * [Topics Started](https://wordpress.org/support/users/patrick1994/topics/) * [Replies Created](https://wordpress.org/support/users/patrick1994/replies/) * [Reviews Written](https://wordpress.org/support/users/patrick1994/reviews/) * [Topics Replied To](https://wordpress.org/support/users/patrick1994/replied-to/) * [Engagements](https://wordpress.org/support/users/patrick1994/engagements/) * [Favorites](https://wordpress.org/support/users/patrick1994/favorites/) Search replies: ## Forum Replies Created Viewing 15 replies - 1 through 15 (of 30 total) 1 [2](https://wordpress.org/support/users/patrick1994/replies/page/2/?output_format=md) [→](https://wordpress.org/support/users/patrick1994/replies/page/2/?output_format=md) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall] Slider Revolution 6.7.54 critical security update (false flag?)](https://wordpress.org/support/topic/slider-revolution-6-7-54-critical-security-update-false-flag/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [1 month ago](https://wordpress.org/support/topic/slider-revolution-6-7-54-critical-security-update-false-flag/#post-18901097) * “This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vulnerability was partially patched in version 7.0.10 and fully patched in version 7.0.11.” * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/revslider/slider-revolution-700-7010-authenticated-subscriber-arbitrary-file-upload-via-get-media-url](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/revslider/slider-revolution-700-7010-authenticated-subscriber-arbitrary-file-upload-via-get-media-url) * It only affects versions 7.0.0 to 7.0.10, though (see source). * On Patchstack, vulnerabilities are unlisted for the first 48h, they only show up via direct link. E.g. when WP Toolkit (included in Plesk, for example) detects a vulnerability, it links to it but you cannot find it listed, anywhere. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Advanced Access Manager – Access Governance for WordPress] [Error] New 7.0 version: PHP Fatal error. undefined function wp_is_rest_endpoint](https://wordpress.org/support/topic/error-new-7-0-version-php-fatal-error-undefined-function-wp_is_rest_endpoint/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [1 year, 1 month ago](https://wordpress.org/support/topic/error-new-7-0-version-php-fatal-error-undefined-function-wp_is_rest_endpoint/#post-18449428) * There is also get_user, which requires 6.7+ * Apparently, 7.0 has not been tested well if at all on old WP versions. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[SEOPress - AI SEO Plugin & On-site SEO] 301 redirection to /sitemaps.xml not reliable](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/) * Thread Starter [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [1 year, 12 months ago](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/#post-17820170) * I am confused as I feel my post contains all the necessary info, I suppose your fix is supposed to be in a different place?? Anyway, here are some screenshots. You asked for this one, right? [https://imgur.com/a/bcQNIVb](https://imgur.com/a/bcQNIVb) * Here are more: [https://imgur.com/a/P1sN1VG](https://imgur.com/a/P1sN1VG)[https://imgur.com/a/yaLsJyx](https://imgur.com/a/yaLsJyx) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[SEOPress - AI SEO Plugin & On-site SEO] 301 redirection to /sitemaps.xml not reliable](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/) * Thread Starter [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years ago](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/#post-17797261) * The code does not look like it is solved, but if you say it has been solved, I should at least check it… * Edit: There we go. Not fixed. * wp-seopress version: 7.8 wp-seopress-pro version: 7.8 * Your code in 7.8 with debugging code added by me: * ```wp-block-code public function sitemapShortcut() { if ('1' !== seopress_get_toggle_option('xml-sitemap')) { return; } if ('1' !== seopress_get_service('SitemapOption')->isEnabled()) { return; } //Redirect sitemap.xml to sitemaps.xml $path = sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ); var_dump($path); if (in_array($path, [ '/sitemap.xml/', '/sitemap.xml', '/wp-sitemap.xml/', '/wp-sitemap.xml', '/sitemap_index.xml/', '/sitemap_index.xml', ])) { die("worked"); wp_safe_redirect(get_home_url() . '/sitemaps.xml', 301); exit(); }else{ die("did not work"); } } } ``` * URL: [https://mydomain.xyz/subdir/sitemap.xml](https://mydomain.xyz/subdir/sitemap.xml) * Output: string(18) “/subdir/sitemap.xml”did not work - This reply was modified 2 years ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[SEOPress - AI SEO Plugin & On-site SEO] Crash in WP admin due to robots_txt hooked function](https://wordpress.org/support/topic/crash-in-wp-admin-due-to-robots_txt-hooked-function/) * Thread Starter [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years ago](https://wordpress.org/support/topic/crash-in-wp-admin-due-to-robots_txt-hooked-function/#post-17783388) * Alright. * I just want to add that method_exists has been throwing a TypeError with param null since PHP 8.0, might be worth looking into for the entire code base. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[SEOPress - AI SEO Plugin & On-site SEO] 301 redirection to /sitemaps.xml not reliable](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/) * Thread Starter [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years ago](https://wordpress.org/support/topic/301-redirection-to-sitemaps-xml-not-reliable/#post-17783381) * Hi there, * any news? * Forum: [Reviews](https://wordpress.org/support/forum/reviews/) In reply to: [[Contact Form 7] Hacked three times](https://wordpress.org/support/topic/hacked-three-times/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 2 months ago](https://wordpress.org/support/topic/hacked-three-times/#post-17496876) * Use the Patchstack plugin to scan for vulnerable plugins or just search the Patchstack vulnerability database by hand (though that will not protect you from future problems unless you do that daily). - This reply was modified 2 years, 2 months ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] WordFence warnings: deprecated php](https://wordpress.org/support/topic/wordfence-warnings-deprecated-php/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/wordfence-warnings-deprecated-php/#post-17372213) * “Deprecated” means “you should change this, else in some future version of – depending on the context PHP, Woocommerce, whatever – you will get problems”. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] Site hac and save post smtp version](https://wordpress.org/support/topic/site-hac-and-save-post-smtp-version/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/site-hac-and-save-post-smtp-version/#post-17372209) * This answer is not of very much use. Refer to the changelog: * 2.7.0 – 2023-10-26 - NEW – Added support for POST SMTP app. [Visit documentation for more information](https://postmansmtp.com/documentation/advance-functionality/postsmtp-mobile-app/?utm_source=wp_org&utm_medium=changelog) * Presumably, this version introduced the vulnerability. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] site hacked email log, now what?](https://wordpress.org/support/topic/site-hacked-email-log-now-what/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/site-hacked-email-log-now-what/#post-17352123) * Hi there, * I am not an expert at all, here are my 2ct: * Your log does not contain a login. A login would look like this:[17/Jan/2024: 21:51:10 +0100] “POST /wp-login.php HTTP/2.0” 302 0 The 302 in the log means that the login was successful. The next request could then be to /wp-admin/. * For each login, gather info about the IP: Country, ISP, time (check your browser history and that of your colleagues if applicable and check whether that was you). If you can say for certain that there are no suspicious IPs that have logged in, then you are fine. * Else, you really should restore the backup. Hackers can install hard to find backdoors and a hacked shop sounds pretty dangerous to me. 😀 * Note that you did not mention anything about the app connection. Go to Post SMTP- > Mobile App (or whatever the menu entry is) and check whether there is still a device connected. * For me, it said “Android device connected – Disconnect”. When I clicked “disconnect” and refreshed the page, it still said “Disconnect” but the Android device was gone. Whatever that means. I simply restored the backup. * I don’t know if multiple device can be connected (whether intended by the devs or not) and if yes, whether you can disconnect them all. Tbh, I would just deactivate the plugin. * PS: I see there is a “Disconnect App” plugin now. I guess the native disconnect feature is broken or insufficient? See * [https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/#post-17340500](https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/#post-17340500) - This reply was modified 2 years, 4 months ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] Latest Version 2.8.8 – caused physical memory issues](https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/#post-17338939) * Hi [@edash22](https://wordpress.org/support/users/edash22/) * “I have deactivated the plugin for now. If it is inactive, is it still vulnerable?” * Nah, dw about it. Do not take this the wrong way, *other* vulnerabilities in any plugin *could* affect you even if the plugin is inactive, but *not* this one. * I could write whole essays on what to do next, but if none of your passwords have been changed and you stop using this plugin, you should be 😉 safe. If you want to reactivate this plugin later, ensure that nobody has connected their “ phone app” to the plugin – just to be safe. ^^ For that, go to “Post SMTP” ->“ Mobile App” in the side menu. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] site hacked through post smtp 2.8.6 email log](https://wordpress.org/support/topic/site-hacked-through-post-smtp-2-8-6-email-log/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/site-hacked-through-post-smtp-2-8-6-email-log/#post-17338085) * tl;dr update to 2.8.8 or later * see [https://wordpress.org/support/topic/possible-leakage-of-email-logs/](https://wordpress.org/support/topic/possible-leakage-of-email-logs/) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] Post SMTP Email Logs](https://wordpress.org/support/topic/post-smtp-email-logs/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/post-smtp-email-logs/#post-17337328) * xyz.com/wp-admin/admin.php?page=postman_email_log * export button on the right. Screenshot: [https://imgur.com/a/sPmbunc](https://imgur.com/a/sPmbunc) * I am not sure if this actually works, anymore – as in, if it contains the newer emails. Memory is old. * You can try dumping your database and using the search feature to find the mails, too, depending on your level of desparation. * PS: You might need to go to the “Plugins” page ( /wp-admin/plugins.php ) and then click the “Settings” link under Post SMTP. This plugin has become more and more broken, apparently. - This reply was modified 2 years, 4 months ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] Latest Version 2.8.8 – caused physical memory issues](https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/latest-version-2-8-8-caused-physical-memory-issues/#post-17337219) * [@edash22](https://wordpress.org/support/users/edash22/) v 2.8.7 is affected by a critical vulnerability, in other words anyone can take over your website until you update the plugin again (you need to update to 2.8.8 or higher). This particular “hack” involves using the password reset feature and then grabbing the password reset email. So if you find such an email in your inbox that most likely means that you have been hacked. - This reply was modified 2 years, 4 months ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App] Post SMTP Email Logs](https://wordpress.org/support/topic/post-smtp-email-logs/) * [patrick1994](https://wordpress.org/support/users/patrick1994/) * (@patrick1994) * [2 years, 4 months ago](https://wordpress.org/support/topic/post-smtp-email-logs/#post-17337211) * Are you sure the logs are actually empty and it is not just the backend display that is broken? Have you tried exporting the logs as CSV or whatever and reading them that way? That is how I dealt with it myself. I have only tried this in one instance and it worked. - This reply was modified 2 years, 4 months ago by [patrick1994](https://wordpress.org/support/users/patrick1994/). Viewing 15 replies - 1 through 15 (of 30 total) 1 [2](https://wordpress.org/support/users/patrick1994/replies/page/2/?output_format=md) [→](https://wordpress.org/support/users/patrick1994/replies/page/2/?output_format=md)