stopps
Forum Replies Created
-
@coquardcyr Excellent – many thanks, looking forward to getting this reactivated on client sites. Good work.
@coquardcyr Thanks for confirming the removal in version 2.3.8, do you have a timeline for when this will be released?
All the best,
@coquardcyr – Thanks for getting back to to me. The reference has been removed from:
/rocket-lazy-load/vendor/wp-media/rocket-lazyload-common/src/Assets.php
from but not from:
vendor/wp-media/rocket-lazyload-common/src/Assets.php
Which means the plugin is still being flagged by security software. I’m looking at Version 2.3.7.
As sel has mentioned, this plugin still contains a reference to pollyfill.io in the file:
/vendor/wp-media/rocket-lazyload-common/src/Assets.php
Can this be addressed so we can reactivate it as a safe plugin?
Seconding this request – the file:
/src/Dependencies/RocketLazyload
/Assets.phphas a reference to pollyfill.io, loading a JavaScript file from this domain (which as Sebastian has pointed out is now considered compromised). Please move this to either CloudFlare’s mirror or bring the file local (from a trusted source).
We recommend anyone using this plugin deactivated it until an update has been issued to correct this issue.
Forum: Plugins
In reply to: [SVG Support] Updating Failed when try to update a pageWe’ve also started experiencing this issue, ACF versions 6.3.1 through to 6.3.1.2, SVG Support 2.5 through to 2.5.5. Oddly we don’t see it on every site instance. Disabling SVG Support resolves the issue.
Should we expect the SVG Support plugin to be updated? We are moving to Safe SVG as a temporary solution for impacted sites.
Forum: Plugins
In reply to: [Comments Like Dislike] Wordfence and PatchStack Flagging Security IssueThanks for actioning so promptly, much apprecaited.
Forum: Plugins
In reply to: [Comments Like Dislike] Security VulnerabilityHi @regankhadgi ,
Thanks for actioning this so promptly, we are rolling out the update and we can see Wordfence are now showing version 1.2.1 as a full patch.
Thanks for a great plugin!
Forum: Plugins
In reply to: [Comments Like Dislike] Security VulnerabilityHello r@regankhadgi,
Please note that Wordfence are reporting that you have only partly resolved the issue. A nonce is not sufficient, you need to check the capabilities of the user to ensure they should be allowed to reset the plugin (using current_user_can( ‘manage_options’ ) or similar).
Can you fix and release a new version?
Many thanks.
Forum: Plugins
In reply to: [ACF Content Analysis for Yoast SEO] High Number of ‘query-attachments’Hi Thomas,
Thanks for the prompt response. We do have image fields used in some of the custom field groups.
We have implemented the function you have provide and it does seem to have had a positive impact, when testing on our staging server (less calls). We will push to production and monitor it there and let you know of the outcome.
All the best,
Julian