Title: rprentice84's Replies | WordPress.org

---

# rprentice84

  [  ](https://wordpress.org/support/users/rprentice84/)

 *   [Profile](https://wordpress.org/support/users/rprentice84/)
 *   [Topics Started](https://wordpress.org/support/users/rprentice84/topics/)
 *   [Replies Created](https://wordpress.org/support/users/rprentice84/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/rprentice84/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/rprentice84/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/rprentice84/engagements/)
 *   [Favorites](https://wordpress.org/support/users/rprentice84/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 15 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/page/2/#post-18298913)
 * I had used filters and rules to fix it but that only worked until the most recent
   update and then it started giving bad data again (either ‘no’ or ‘in stock’ versus
   the appropriate ‘in_stock’ for google. There is an incompatibility with this 
   plugin and the latest version of WooCommerce and its related plugins.
   I rebuilt
   the feeds twice but it didnt resolve. When I backdate the plugin back to the 
   older version from the last few updates the issue goes away with all other plugins
   being current.
 * Whatever re-factor or changes happened with the update when we first posted this
   caused a fairly widespread set of issues based on all the posts, and it hit everyone
   differently (which is to be expected based on what plugins people are using).
 * I did my feed with another plugin for now, to avoid further disruptions.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/#post-18276009)
 * [@galbaras](https://wordpress.org/support/users/galbaras/) Already downgraded
   days ago, but upgraded again due to back and forth emails with the plugin team
   to no resolve. I have since deleted the plugin because they cannot find a solution
   to the issue.
 * I will also note that it was more than 2 days since the update that broke it 
   before I upgraded mine, nearly a week. And I do test my updates, thus when I 
   posted about the issue. They have deployed 2 updates since to fix other issues,
   but have not resolved this one.
    -  This reply was modified 1 year, 5 months ago by [rprentice84](https://wordpress.org/support/users/rprentice84/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Premium Addons for Elementor - Powerful Elementor Templates & Widgets] Conditional Display PHP Errors](https://wordpress.org/support/topic/conditional-display-php-errors/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/conditional-display-php-errors/#post-18271847)
 * The patch version caused a fatal error:
   **Line** 33
 * **Message** Uncaught Error: Class “PremiumAddons\Includes\Premium_Template_Tags”
   not found in /XXXXX/public_html/wp-content/plugins/premium-addons-for-elementor/
   includes/pa-display-conditions/conditions/post-type.php:33 Stack trace: #0
 * **File** /XXXXX/public_html/wp-content/plugins/premium-addons-for-elementor/includes/
   pa-display-conditions/conditions/post-type.php
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/#post-18268888)
 * Being down almost 5 business days kills an e-commerce business. Any updates? 
   not sure what major code refactoring you did with the most recent subversion 
   but lots of support posts with a wide range of issues.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/#post-18267424)
 * [@superlemon1998](https://wordpress.org/support/users/superlemon1998/) Just emailed
   you the config and a link to the feed. Its still down even after trying the latest
   version of the plugin from today.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/#post-18262433)
 * [@superlemon1998](https://wordpress.org/support/users/superlemon1998/)
 * I have the setup copied but cannot find a way to submit the info to your support
   team. I dont have the elite license.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce] Latest Plugin Update breaks Google Merchant Feed – Availability](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 5 months ago](https://wordpress.org/support/topic/latest-plugin-update-breaks-google-merchant-feed-availability/#post-18262381)
 * Hey Jeff (@superlemon1998),
 * I rolled the plugin back to 13.3.9 and it fixed the issue, so its not a theme
   or plugin conflict.
 * ![](https://i0.wp.com/www.threeifbyspace.net/configscreenshot.png?ssl=1)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce PayPal Payments] Attacked by “card testing” – “origin unknown”](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 7 months ago](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/page/2/#post-18192106)
 * We get plenty of legit orders with an unknown source origin due to cookie blocking
   or privacy blocking settings esp on mobile, so you could be impacting direct 
   revenue. Thats why we cannot use a solution like that, not to mention editing
   the plugin directly preventing you from updating will put you out of PCI Compliance
   should another vulnerability come up while we wait for PayPal to update this 
   issue.
 * The solution I provided above doesnt block the entire API as other solutions 
   have provided but instead prevents the bot from grabbing the catalog as JSON 
   response and as a result the bot process dies because it doesnt have a sku to
   continue. This has completely stopped the bot orders for us without impacting
   real customers or functionality.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce PayPal Payments] Attacked by “card testing” – “origin unknown”](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 7 months ago](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/page/2/#post-18189430)
 * [@inpsydekrystian](https://wordpress.org/support/users/inpsydekrystian/) There
   is no misunderstanding. I can confirm when i log into our merchant account with
   PayPal the AVS response code listed is N, not M. And we confirmed with the chargebacks
   received the address provided on the orders was not a match.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce PayPal Payments] Attacked by “card testing” – “origin unknown”](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 7 months ago](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/#post-18189265)
 * I have logs that show the fraud orders bypassing PayPal Fraud filters. After 
   hitting the JSON of the catalog and adding to cart via API it directly queries
   the PayPal endpoints for getting a token/client id, creating an order, and forcing
   an approval. See below
 * “POST /?wc-ajax=ppc-data-client-id HTTP/1.0” 200 1061 XXXXX “Mozilla/5.0 (iPhone;
   CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML like Gecko) CriOS/
   120.0.6099.119 Mobile/15E148 Safari/604.1”
 * “POST /?wc-ajax=ppc-create-order HTTP/1.0” 200 700 XXXXX “Mozilla/5.0 (iPhone;
   CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML like Gecko) CriOS/
   120.0.6099.119 Mobile/15E148 Safari/604.1”
 * “POST /?wc-ajax=ppc-approve-order HTTP/1.0” 200 621 XXXXX “Mozilla/5.0 (iPhone;
   CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML like Gecko) CriOS/
   120.0.6099.119 Mobile/15E148 Safari/604.1”
 * “POST /wp-json/wc/store/checkout HTTP/1.0” 200 3155 “
 * Then when I go into woocommerce, I see the order approved with an AVS response
   of N and CVV response of N even though we have the filters enabled to reject 
   any CVV or AVS response of N. I sent this all to our Rep yesterday to open a 
   ticket.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce PayPal Payments] Attacked by “card testing” – “origin unknown”](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 7 months ago](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/#post-18185133)
 * 12ish hours in and it has fully stopped the bot orders and we have not seen any
   issues with other functionality and real orders coming in without issue. I am
   still waiting to hear back from PayPal about how they are using the REST API 
   unauthenticated to bypass fraud filters on the payment gateway side because that
   feels like a serious vulnerability that needs to be addressed.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce PayPal Payments] Attacked by “card testing” – “origin unknown”](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [1 year, 7 months ago](https://wordpress.org/support/topic/attacked-by-card-testing-origin-unknown/#post-18184582)
 * I have had the same issue, and I brought it up to our account executive at PayPal
   because i dont have this issue on sites I manage using other payment gateways.
   Investigating the logs I found this:
 * The bots are making use of the open REST API built into WooCommerce/WordPress
   to submit these orders and otherwise bypass a lot of built in checks that are
   part of the standard checkout process.
 * It starts with the bot hitting wp-json/wc/store/products in WooCommerce with 
   filters that sort and list your cheapest products first, making it easier for
   them to test stolen cards. Then they start to submit POST requests to the REST
   API endpoint to add to cart, checkout, create order, push payment to PayPal and
   even seen them find a way to forcibly bypass Fraud filters within PayPal and 
   get the payment to go through even when the filters are set to block AVS N responses(
   sent this to our PP rep also). 
   So we looked at the official wordpress documentation
   on restricting the REST API ([https://developer.wordpress.org/rest-api/frequently-asked-questions/#can-i-disable-the-rest-api](https://developer.wordpress.org/rest-api/frequently-asked-questions/#can-i-disable-the-rest-api))
   While they do not recommend shutting it down completely as it can break 3rd party
   plugins and functionality in the admin panel, I decided to take their code for“
   Require Authentication for All Requests” and modified it to only require the 
   user be logged in when hitting that initial wp-json/wc/store/products URL with
   the in stock and sorting filters. I will monitor and let you know if this stops
   it without breaking anything. I cannot promise this use-case will work for all
   sites and setups. We modified the logic from the URL above with this URL check:
 * $api_url = $_SERVER[‘REQUEST_URI’]; //Added this to get the url the user is trying
   to hit
 * if ( ! is_user_logged_in() && str_contains($api_url,”/wp-json/wc/store/products”)){
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Essential Addons for Elementor - Popular Elementor Templates & Widgets] Plugin Update 5.2.2 Breaks Elementor Pro](https://wordpress.org/support/topic/plugin-update-5-2-2-breaks-elementor-pro/)
 *  Thread Starter [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [3 years, 10 months ago](https://wordpress.org/support/topic/plugin-update-5-2-2-breaks-elementor-pro/#post-15925891)
 * I tried generating assets before posting and that didnt work.
 * Just updated to 5.2.3 and everything appears to be working with that latest update.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Publicize is no longer functional](https://wordpress.org/support/topic/publicize-is-no-longer-functional/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/publicize-is-no-longer-functional/#post-15008178)
 * I agree with Rene. The plugin team is ignoring the facts here.
 * As of about a week ago, custom post types stopped working on sites where it was
   working previously with no updates other than the most recent Jetpack update.
 * My site is the same. Confirmed that standard posts publish but custom post types,
   including WooCommerce products dont work. WooCommerce is a base e-commerce platform
   for WordPress, a fundamental feature, and its broken.
 * I know we are not ‘paid’ subscribers to your plugin, but at least provide some
   honest answers. Something is broken.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Jetpack - WP Security, Backup, Speed, & Growth] Publicize is no longer functional](https://wordpress.org/support/topic/publicize-is-no-longer-functional/)
 *  [rprentice84](https://wordpress.org/support/users/rprentice84/)
 * (@rprentice84)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/publicize-is-no-longer-functional/#post-14999541)
 * Same issue. Started 3 days ago. All social sharing stopped. Disconnected each
   network and reconnected, no change.
 * Ran debugger for Jetpack showed no errors.
    Ran Graph debugger for FB and it 
   says all og tags are in place.
 * Something happened with the most recent update.

Viewing 15 replies - 1 through 15 (of 15 total)