Missing elements & sender email security flaw

  • Resolved diabolico

    (@diabolico)


    7 years, 11 months ago

    On fresh install of WP and this plugin, Opera reports 4 errors under elements:

    (index):60 GET https://www.MYDOMAIN.TLD/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/css/jquery-ui.css?version=8.0.6&ver=4.7.3 
jquery-migrate.min.js?ver=1.4.1:2 JQMIGRATE: Migrate is installed, version 1.4.1
jquery.js?ver=1.12.4:4 GET https://www.MYDOMAIN.TLD/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/css/images/ui-icons_ffffff_256x240.png 404 (Not Found)
(anonymous) @ jquery.js?ver=1.12.4:4
(anonymous) @ jquery.js?ver=1.12.4:2
map @ jquery.js?ver=1.12.4:2
map @ jquery.js?ver=1.12.4:2
offsetParent @ jquery.js?ver=1.12.4:4
position @ jquery.js?ver=1.12.4:4
a.fn.position @ position.min.js?ver=1.11.4:11
(anonymous) @ public.js?version=8.0.6&ver=4.7.3:373
i @ jquery.js?ver=1.12.4:2
fireWith @ jquery.js?ver=1.12.4:2
y @ jquery.js?ver=1.12.4:4
c @ jquery.js?ver=1.12.4:4
jquery.js?ver=1.12.4:4 GET https://www.MYDOMAIN.TLD/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/css/images/ui-icons_444444_256x240.png 404 (Not Found)
(anonymous) @ jquery.js?ver=1.12.4:4
(anonymous) @ jquery.js?ver=1.12.4:2
map @ jquery.js?ver=1.12.4:2
map @ jquery.js?ver=1.12.4:2
offsetParent @ jquery.js?ver=1.12.4:4
position @ jquery.js?ver=1.12.4:4
a.fn.position @ position.min.js?ver=1.11.4:11
(anonymous) @ public.js?version=8.0.6&ver=4.7.3:373
i @ jquery.js?ver=1.12.4:2
fireWith @ jquery.js?ver=1.12.4:2
y @ jquery.js?ver=1.12.4:4
c @ jquery.js?ver=1.12.4:4
jquery.js?ver=1.12.4:4 GET https://www.MYDOMAIN.TLD/wp-content/plugins/wp-support-plus-responsive-ticket-system/asset/css/images/ui-icons_555555_256x240.png 404 (Not Found)
attr @ jquery.js?ver=1.12.4:4
a.attr @ jquery-migrate.min.js?ver=1.4.1:2
addClass @ jquery.js?ver=1.12.4:4
mouseenter @ widget.min.js?ver=1.11.4:11
h @ widget.min.js?ver=1.11.4:11
handle @ jquery.js?ver=1.12.4:3
dispatch @ jquery.js?ver=1.12.4:3
r.handle @ jquery.js?ver=1.12.4:3

    At one point i had 5 errors but right now i cant reproduce the missing one.

    Shared hosting (cPanel)
    PHP 7.1
    WordPress 4.7.3
    Theme Divi from ElegantThemes
    WP Support Plus 8.0.6

    I mask my domain but this is just test site so if you want i can give you full access if you provide me with non-public way to contact you.

    EDIT – Sender Email
    I need to test this on a VPS but when this plugin is installed on shared hosting the sender email will be the one from the server, e.g. instead of “[email protected]” it will use the system email “cpanel_username@shared_hosting_server.tld”.
    Its really dangerous to reveal your cPanel username to the public and you should implement an option to properly use SMTP or some other solution. From security point of view this is pretty big flaw and should be fixed asap.

    • This topic was modified 7 years, 11 months ago by diabolico.
    • This topic was modified 7 years, 11 months ago by bdbrown.
Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @diabolico,

    We would like to check this issue. Please contact us via facebook page below:
    https://www.facebook.com/wpsupportplus/
    Please do not forget to mansion this post URL to understand the issue there on Facebook.

    Thread Starter diabolico

    (@diabolico)

    No problem, i will contact you over FB but it will be in few hours as right now i’m over my head with some deadlines. Probably it will be after 5PM CET.

    Thread Starter diabolico

    (@diabolico)

    @nsgawli: I sent you a message on FB.

    For the email part i have a solution but it requires another plugin – Postman SMTP.
    I tried few plugins for SMTP but until now only this one works with WP support plus. It would be nice to have integrated solution so we can avoid additional plugins or at least make it as free addon to WP support plus, so people can chose what to use.

    Other solution would be to put a note on the front page of your plugin so people dont need to look around for a solution. As i said, not all SMTP plugins works with WP support plus and only way to find out is to install all of them and see which one actually works.

    • This reply was modified 7 years, 11 months ago by diabolico.
    Plugin Author Pradeep Makone

    (@pradeepmakone07)

    Hi there,

    Thank you for the info. We have now fixed this issue and soon available in next version.

    Regarding email sending, we are relying on WordPress functionality to send mails so no need to give SMTP options exclusively. No matter what wordpress use to send emails, this plugin will call wp_mail function for sending emails and rest is taken care by WordPress. If you use any SMTP solution, wordpress will send email via that.

    Hi,
    when will this update be available?
    Thanks.

    Hi @mcsiegen

    We are planned to release new version within 15 days.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Missing elements & sender email security flaw’ is closed to new replies.