Groovyx9
Forum Replies Created
Forum: Plugins
In reply to: [WPVulnerability] email address when changed is not updated in test sending
Thank you, Javier. I thought that by changing the recipient, I was also changing the sender, but that doesn’t make any sense, and this impression was purely due to a misunderstanding of the process on my part.
Forum: Plugins
In reply to: [WPVulnerability] email address when changed is not updated in test sending
It also sends the test to the removed address.
Forum: Plugins
In reply to: [WPVulnerability] Keep the PHP vulnerabilities in the same PHP version
The excerpt focuses on the latest versions, which is normal. When I checked the CVEs more closely, they also concerned PHP from 5.0.0 up to 8.1.29 for CVE-2024-4577 and from 7.3.27 up to 7.4.33 (included) for CVE-2024-5458, so I was wrong. Sorry.
Vulnerability found
xxxxxxx
PHP vulnerabilities
PHP running: 7.4.33
PHP 7.4 <= 7.4.33 (unfixed)
[+] CVE-2024-4577
[en] In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
PHP 7.4 >= 7.4.15 – <= 7.4.33 (unfixed)
[+] CVE-2024-5458
[en] In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Learn more about the WordPress Vulnerability Database API at WPVulnerability
Forum: Plugins
In reply to: [WPVulnerability] not in the dashboard anymore
And back to the Dashboard! Cool
Forum: Plugins
In reply to: [WPVulnerability] not in the dashboard anymore
You forgot to change the version number, your latest release is still @3.3.1 when it should be @3.3.2, so nothing is pushed
Forum: Plugins
In reply to: [WPVulnerability] not in the dashboard anymore
At first I thought it was because I was connecting through a WordPress management system, but even with the “usual” way to log in and connect, it’s not there anymore. No error in Console so I guess it’s not a “display” issue, and of course I checked the screen options too
Good luck and thanks for your work.
Forum: Plugins
In reply to: [WPVulnerability] not in the dashboard anymore
admin
Forum: Plugins
In reply to: [WPVulnerability] not in the dashboard anymore
Confirmed on a fresh installation…
Having the same issue. Very annoying.
No more issue with latest version
Forum: Plugins
In reply to: [MainWP Dashboard: WordPress Management without the SaaS] clear selected tag
Hello Dennis, yup after a while I found out where it was
Thanks
It just took some time
Closed.
I disabled almost everything on overview and kept only a few widgets. Not convinced; a switch bringing back the older display system if needed would be nice.
Exact same issue. Would appreciate an answer, or even better, a fix
Indeed, it is fixed. Thanks.