Tim
Forum Replies Created
Forum: Plugins
In reply to: [Image Slider Block] Full screen width?
Thanks!
In the meantime, I solved the issue by adding the following in the “Custom CSS” section in the block options panel:
.eb-slider-nm042 {
    width: 100vw;
    margin-left: calc( ( 100% - 100vw ) / 2 ) !important;
}
Forum: Plugins
In reply to: [HM Multiple Roles] Reflected Cross Site Scripting (XSS)
Good to know – thank you!
Thanks! Sorry to hear it’s not possible yet but pleased that you consider it. I have been playing with JS to try to make it happen myself, but not quite succeeded yet.
Yes, I can. I’ll send it to you separately from this public forum though.
Thanks – I’ve posted a ticket on your site.
I have received an email from Kevin directly and replied with all the details I have about this exploit.
It seems to me to have been a proof of concept, i.e. the JS being referred to on the remote server was blank. Just the attacker seeing what he could do. But I’ll of course be grateful to hear if there was more to it than that.
Tim
That is brilliant to know Steve. So I can assure my clients if they are on 2.3.1 they are now safe from this attack.
My antimalware has confirmed the source and I am getting very close now to an understanding of what’s been done.
Thanks again
Thank you Steve for your quick response.
I have just gone through and ensured all my 30 or so sites have version 2.3.1 if they have PP Capabilities installed. I can also confirm that the compromised sites were also only those with PublishPress Capabilities on them. I do realise this might be coincidence but I’ve not seen a counterexample yet.
I have checked the security plugins and procedures as well as scanning for malware using my server tools, and found nothing yet. In all cases I have reset all users’ passwords and notified them.
It appears to me as if the user is being added, and then that user’s privileges are being used to upload the wp-striplple plugin. I am looking at the code of that plugin now. I am intrigued that seems to have experienced it the other way round, but this way makes sense that it could potentially be a flaw in the Capabilities plugin. (I am not out to apportion blame at all here, by the way – just to diagnose so I can stop it!)
I believe the malicious activity is happening manually rather than fully automatically. This is because on the couple of sites where I acted within a minute to delete the user once added, and before the user had reset their password, those sites did not have the wp-striplple plugin installed. So it appears I stopped the user before they had time to do it.
I shall file a report shortly on the link you mention once I’ve finished firefighting.
Thanks again both!
Tim
Thank you very much for the info! That’s incredibly helpful.
Do you have any idea how the users got added? I’m urgently trying to establish this.
Forum: Plugins
In reply to: [10WebSocial] Instagram Feed does not show anything
Thanks for the information on this. I shall watch this thread for further news as I’m also having the same problem.
Yes, I am now pursuing this with you via the support ticket. I will post back here when a solution is found so that others can benefit.
This works – just what I needed. Thank you so much!
Thanks very much!
This is almost what I need, but I need the details of the offer applied, not just a true/false, so that I can show HTML relevant to the different offers on the right products. Does that make sense?
Thanks – I’m trying that and really struggling – no matter how I query this function it always seems to return false. I’m querying it on the product page of a product that I know does qualify, because if I add the product to the cart, the offer is applied.
Here’s what I’m doing:
// Finance table and promos after "Add to cart"
add_action( 'woocommerce_after_add_to_cart_form', 'woo_finance_table_and_promos' );
function woo_finance_table_and_promos() {
    global $product;
    $product_price = $product->get_price();
    $discount = apply_filters( 'advanced_woo_discount_rules_get_product_discount_price_from_custom_price', $product_price, $product, 1, 0, 'all', true );
    echo '<pre>' . print_r( $discount, true ) . '</pre>';
    // and more that I've omitted here
}
Forum: Plugins
In reply to: [Quick Event Manager] PHP error in admin
Brilliant – thank you!