currencywiki

Thank you for your feedback! We do support Arabic on our website. However, our plugin currently lacks several languages, including Arabic, due to the initial development constraints. As we transition to a newer version of the plugin, we will work on adding more languages.

The limitation you’re experiencing is a result of a security update implemented in version 3.0.3. This update aimed to address a Stored Cross-Site Scripting (XSS) vulnerability, prioritizing the overall security of your website.

As a consequence, the current functionality restricts the display to only one shortcode widget at a time. We understand that this change may be inconvenient for you. However, implementing a new widget system that supports multiple instances while maintaining security may take some time to develop.

In the meantime, we want to offer you a couple of options to help you navigate this situation:

• Revert to Version 3.0.2: If you are comfortable with it, you have the option to revert to the previous version (3.0.2). However, please be aware that this version is not patched for the XSS vulnerability, so use it with caution. You can download it here.
• Use Sidebar Widgets: Instead of relying on shortcodes, you can explore the option of using sidebar widgets. This will allow you to display multiple currency converter widgets without encountering the current limitation.

Hello,

Thank you for reaching out and for using our Currency Converter Widget.

We are aware of the issue you’re experiencing with inserting multiple widgets via shortcodes. This limitation was introduced as part of our recent security update in version 3.0.3, where we patched a Stored Cross-Site Scripting (XSS) vulnerability. To enhance security, we had to restrict the functionality to display only one shortcode widget at a time.

We understand this change might be inconvenient, and we’re exploring solutions. However, creating a new widget system that supports multiple instances without compromising security will take some time, and currently, we do not have an estimated timeframe for this.

In the meantime, you have a couple of options:

1. Revert to version 3.0.2: Please note that this version is not patched for the XSS vulnerability, so use it with caution. DOWNLOAD
2. Use sidebar widgets: Instead of shortcodes, you can use sidebar widgets, which will allow you to display multiple currency converter widgets without issues.

We apologize for any inconvenience this may cause and appreciate your understanding as we work towards a more robust and secure solution.

• This reply was modified 10 months, 3 weeks ago by currencywiki.

Hello @thefungroup,

Thank you for reaching out!

We are aware of the reported Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 3.0.2 of our plugin. This vulnerability was due to inadequate input sanitization and output escaping on user-supplied attributes in the plugin’s shortcodes. We’ve addressed this issue in the latest update.

Immediate Action:
We have taken this issue very seriously and have already developed a patch to address this vulnerability. The patch includes:

• Stored Cross-Site Scripting Vulnerability: Addressed and fixed a vulnerability related to Stored Cross-Site Scripting (XSS) in the plugin’s shortcodes. This was achieved through enhanced input sanitization and output escaping, ensuring that user-supplied attributes in the shortcodes are securely handled.

• Strengthened Input Sanitization: Implemented improved input sanitization techniques to effectively clean user inputs, preventing the injection of malicious scripts.

• Improved Output Escaping: Enhanced the output escaping mechanisms to ensure that any data displayed by the plugin is safe from script execution.

A new version of the plugin, [Version 3.0.3], containing these security enhancements, is now available. We strongly recommend updating to this latest version immediately to ensure your website’s security and to protect against this vulnerability.

Thank you for reaching out and for your continued support of our plugin. I understand the inconvenience caused by the compatibility issues with PHP 8. We are working towards making the plugin fully functional for PHP 8, but currently, there is no definitive ETA for an official update.

In the meantime, we have a temporary solution for you. Please refer to the pinned post regarding PHP 8 compatibility. You can manually download the updated version of the plugin from this link: currency-converter-widget-php8.zip. After downloading, you will need to upload it to your site.

We appreciate your patience and hope this solution will help you until the official update is released. If you encounter any issues or have further questions, feel free to reach out.

Best regards.

Thank you, anyiofala, for your feedback! We’re thrilled that our plugin does exactly what it says it does. Your support and positive review are greatly appreciated. Thank you for choosing our plugin!

Thank you, creativeasylum, for your review of our great plugin! We’re glad to hear that our plugin has worked well for you. Your support and positive feedback motivate us to continue improving our offerings.

Thank you, adibtp, for your feedback on our excellent plugin! We’re delighted to know that our plugin has exceeded your expectations. Your support and positive review are greatly appreciated.

Thank you, keru, for your excellent and useful plugin review! We’re thrilled to hear that our plugin has met your expectations. Your support and positive feedback mean a lot to us.

Thank you for your feedback!

Appreciate your feedback! We’re thrilled that our plugin is working like a dream for you, and that you appreciate the absence of annoying email setups. Thank you for choosing our plugin!

Thank you for your excellent review!!! We’re delighted to hear that you find our plugin practical ??

Thank you, dhkwon, for your positive feedback!

Thank you for your fantastic review! We’re thrilled that you created a WordPress account just to give our plugin a 5-star rating. We greatly appreciate your support and are delighted that the plugin is working solidly for you.

Thank you, silvercarpet, for your feedback! We’re glad to know that the plugin is working great for you and meets your expectations. Regarding centering the widget, we understand that it can vary depending on the site and template. Thank you for your support!