I installed WP-Cerber to protect against CVE-2018-6389. I see the entry in .htaccess and when I test the vulnerability it successfully blocks the vulnerability. But it only seems to be temporary. Next day our vulnerability scanner flags the issue again, and the entry is missing from the .htaccess file, even though “Block unauthorized access to load-scripts.php and load-styles.php” is still checked in wp-cerber. If I click save, the entry gets written to the .htaccess file again. Then next day it is gone. Is there anything I can do to make the protection permanant?
Thank you
]]>I installed WP-Cerber to protect against CVE-2018-6389. I see the entry in .htaccess and when I test the vulnerability it is blocked. But it only seems to be temporary. After a few days, our vulnerability scanner flags the issue again. If I test I see the vulnerability again too. So then I log in to wp-admin, and go to the WP-Cerber Hardening page. I see that “Block unauthorized access to load-scripts.php and load-styles.php” is active, but I have to click save, then the vulnerability goes away again. This is great but it will show up again in a few days. Is there anything I can do to make the protection permanant?
Thank you
]]>Only workaround is to use define(‘SCRIPT_DEBUG’, TRUE);
When doesn’t work:
GET https://mySite/wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,underscore,shortcode,backbone,wp-util,wp-backbone,media-models,wp-plupload,jquery-ui-core,jquery-ui&load%5B%5D=-widget,jquery-ui-mouse,jquery-ui-sortable,wp-mediaelement,wp-api-request,media-views,media-editor,media-audiovideo,mce-view,img&load%5B%5D=areaselect,image-edit,media-grid,media,svg-painter,heartbeat,wp-auth-check&ver=4.9.8 HTTP/1.1
Host: mySite
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://mySite/wp-admin/upload.php
Cookie: <some cookie>
DNT: 1
Connection: keep-alive
When debugging activated:
I don’t see any load-scripts.php and Media Library is loaded.
Debugging doesn’t pinpoint to any problem but something changes the behavior when activated.
]]>My Question: Will Wordfence be deploying an automatic mitigation in the form of this change to load-scripts.php, or should we be running this ourselves if we have shell access to our hosts?
Source: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
]]>The only thing I shared between the two sites was:
I followed the instructions on the debugging javascript errors page, but, unfortunately adding:
define('SCRIPT_DEBUG', true);
To wp-config.php fixed the issue.
I don’t know how, or why. I just know that it works now.
]]>On wp-admin of my site, some of the click to expand functions (such as “screen options” at the top right, “collapse menu” on the left column, and widgets accordion effect) are not clickable. Basically seems like the toggle function is not working.
I tried deactivating all the plugins and switching to Twenty Sixteen theme. But it still doesn’t work.
When I look at JS Console, I see the following error messages:
…/wp-admin/load-scripts.php
Error: Syntax error, unrecognized expression: #icl_side_by_site a[href=#cancel]
TypeError: e is undefined
I have another blog that still works fine. When I compare the load-scripts.php files, there seems to be some lines missing on this site’s file. But load-scripts.php file can’t be edit by owner so I can’t try it out.
Doesn’t anyone know what is causing the issue? Will anyone be able to help me to take a look?
Many thanks.
]]>The error that I get in the console is:
Uncaught ReferenceError: columns is not defined
load-scripts.php:82
It is working on one of the other sites in the same multisite install though.
I created a new test site in multi site and the menu works there. I activated all of the plugins and it still worked. I deactivated all the plugins on the other site one by one and couldn’t find anything. I tested the test site using the same theme as is on the broken sites and it didn’t break.
I couldn’t find any more debug errors related to this problem. I tried replacing the load-scripts.php file.
Any tips on how I can resolve this issue?
Thanks
In console i get this error:
Uncaught ReferenceError: columns is not defined
load-scripts.php?c=0&load[]=jquery-core,jquery-migrate,utils,jquery-ui-core,jquery-ui-widget,jquery…:82 Uncaught ReferenceError: columns is not defined
i search for an solution for many times, but nothing works. I dont have installed the event plugin and i try to clear all caches and deactivate all plugins. Nothing works. Try so many thinks. Problem is since wp 4.4
]]>I’m hoping that someone can point me in the right direction.
I have a WordPress installation which has some internal jQuery issues on the WP-Admin. Mainly that the Widgets don’t expand/contract to allow you to edit them, the actual menus themselves don’t view on hover, and I can’t update some of the plugins.
I have tried reverting to TwentyTwelve and disabling all the plugins (both at the same time and individually, and I still get the same issue.
I have tried to reinstall the WordPress installation to see if that helps. Still nothing.
The error seems to be within load-scripts.php. I have a screenshot here: https://newentrepreneursfoundation.com/wp-content/uploads/2015/09/screenshot.png
Can anyone help me fix this problem?
Thanks in advance
Chris
]]>I’m getting a javascript error in my console — https://i.imgur.com/NLcilGO.png — which is blocking some ajax. The ajax is used to edit content on certain pages (that’s a theme feature, of course) and now I can’t edit those pages.
I think it’s a core problem because of the following:
However, it could potentially be a theme problem because the error only appears on my Theme Options page: .com/wp-admin/admin.php?page=themeple
I’m using Maximus by Themeple and I have a support ticket open in their support forum as well.
I only began having this problem when I upgraded to 4.1.1 last week. Did anything in load-scripts.php change from 4.1 to 4.1.1?
]]>