szmigieldesign

Hm also – is it just me or v3 badge loads site wide and not only on pages with contact form on them?

Yeah, 9.1 works fine, thanks.

Ok, it seems that it’s related to this issue: https://wpml.org/forums/topic/wpml-yoast-seo-javascript-error-in-admin-area/

Hm I had white screen only on localhost. Everything works when installed on commercial hosting. Does Gutenberg have any special requirements that aren’t fulfilled by regular XAMPP configuration?

Same here. I’m on localhost, Gutentype theme.

@ampforwp, while it’s understandable that more features lead to more difficulties in keeping the plugin secure, some vulnerabilities found by sybrew are anything but minor.

To quote the link provided by @adpawl:

I’ve found various exploitable points in a twenty-minute scan, these exploits notoriously include file injections, backdoor file downloading (including wp-config.php), DDoS vulnerability, database upgrading, options-and post-metadata overwriting, bandwidth exploitation (full WP media-library downloads), and unfiltered WordPress post injections.

All these exploits do not require any administrative privileges.

Aside from this, they embed the Redux framework, but they’re not keeping it fully up-to-date. I didn’t bother scanning this thorougly, but you can also adjust a few site options in there.

This is very serious, and I believe that you, as a developer, should provide a honest and deep explanation and issue a warning to all users, asking them to update the plugin ASAP and cease to use unsecured versions.

It’s beyond my comprehension why, under such circumstances, did you write:

No serious issues, to be honest

Pretty scary stuff. Hey, @ampforwp, would you care to elaborate on @adpawl findings?

Could you please elaborate more on how serious is the vulnerability?

Hi @miiitaka,

thanks a ton! I’ve tested it already and it works well. Breadcrumb URLs are generated correctly according to WPML site’s structure, ie. https://szmigiel.design/en/services/web-design/

Awesome! Will test it as soon as I get the code.

Hello @miiitaka,

home_url() should work in most circumstances. I believe that the culprit is how WPML handles redirections. I’m not sure as I’ve never programmed anything for WPML, but perhaps their plugin requires passing home_url() through their methods instead of directly via home_url().

This is interesting as the only problematic schema type is breadcrumbs – perhaps because it relies on shortcode and then it interferes with WPML?

Anyway, having a switch in your plugin would get the job done and it would be easier and faster than making full compatibility with WPML!

Fixed in next release with Responsive Placeholder.

Issue moved to Slack.

Nope, care to send me an invite – lukasz (at) szmigiel.design? NVM, I’ve found the link in the lscache plugin footer. I’ll get back to you tomorrow.

I believe that somehow lazy load is halting or somehow interfering with the script responsible for masonry layout. When I resize the window, everything reshuffles as it should. Weird.

• This reply was modified 6 years, 2 months ago by szmigieldesign. Reason: i'm stupid and blind ;)

1. Understandable. I think that extending this functionality to img class or any text around img tag in general would be useful. It would be useful to filter featured image with its class (I don’t like first post image to lazy load)

2. Please check the link again and see below first 4 or 6 posts – https://szmigiel.design/en/blog/