This is a plugin that supports the functions of the theme, if you delete this plugin, you will not be able to use the full functionality that the extra provides. The link you sent doesn't say what the error is that the plugin encounters, so it's hard to fix it
Support Team
We are located in GMT +7 time zone and we answer all questions within 12-48 hours on weekdays. In some rare cases, the waiting time can be to 48 hours. Support tickets sent during weekends or public holidays will be processed next Monday or the next business day.
If you like our theme, Please vote it 5 stars. We are really really appreciate your vote :
The plugin can be hacked such that the website can be compromised. Please Google "vulnerable to Server Side Request Forgery (SSRF)". From the posting:
Dave Jong (Patchstack) discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Wpopal Core Features Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has not been known to be fixed yet.
Your developer will need to reach out to Dave Jong and find out what he did to expose the issues. All websites using this base tooling will now be exposed and they will show as vulnerable. My hosting provider and WordPress console both show my site as vulnerable now. This is something that is in your company's best interest to fix as soon as possible.
Looks like he's using some kind of software to scan the plugin and issue warnings.
The messages are very general and do not specify the problem the plugin is having. I have also read warnings from other plugins, all of which are very general and do not specify the problem the plugin is having. We'll keep an eye on this, but as of now none of our customers have been hacked through this plugin, so don't worry too much about it.
Support Team
We are located in GMT +7 time zone and we answer all questions within 12-48 hours on weekdays. In some rare cases, the waiting time can be to 48 hours. Support tickets sent during weekends or public holidays will be processed next Monday or the next business day.
If you like our theme, Please vote it 5 stars. We are really really appreciate your vote :
WordPress Wpopal Core Features Plugin <= 1.5.8 is vulnerable to Server Side Request Forgery (SSRF)
I wWould like to know either how to:
1. Remove this plugin - if that is even possible given the theme is using it?
OR
2. When it will have its vulnerabilities fixed so I can update my website?
This is a plugin that supports the functions of the theme, if you delete this plugin, you will not be able to use the full functionality that the extra provides.
The link you sent doesn't say what the error is that the plugin encounters, so it's hard to fix it
Support Team
We are located in GMT +7 time zone and we answer all questions within 12-48 hours on weekdays. In some rare cases, the waiting time can be to 48 hours. Support tickets sent during weekends or public holidays will be processed next Monday or the next business day.
If you like our theme, Please vote it 5 stars. We are really really appreciate your vote :
To vote go to http://themeforest.net/downloads then follow that link | And Download Our Promotion Themes
Thanks and have a nice day!
Hi Ha,
The plugin can be hacked such that the website can be compromised. Please Google "vulnerable to Server Side Request Forgery (SSRF)". From the posting:
Dave Jong (Patchstack) discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Wpopal Core Features Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has not been known to be fixed yet.
Your developer will need to reach out to Dave Jong and find out what he did to expose the issues. All websites using this base tooling will now be exposed and they will show as vulnerable. My hosting provider and WordPress console both show my site as vulnerable now. This is something that is in your company's best interest to fix as soon as possible.
Let me know if I can help you further.
Looks like he's using some kind of software to scan the plugin and issue warnings.
The messages are very general and do not specify the problem the plugin is having. I have also read warnings from other plugins, all of which are very general and do not specify the problem the plugin is having.
We'll keep an eye on this, but as of now none of our customers have been hacked through this plugin, so don't worry too much about it.
Support Team
We are located in GMT +7 time zone and we answer all questions within 12-48 hours on weekdays. In some rare cases, the waiting time can be to 48 hours. Support tickets sent during weekends or public holidays will be processed next Monday or the next business day.
If you like our theme, Please vote it 5 stars. We are really really appreciate your vote :
To vote go to http://themeforest.net/downloads then follow that link | And Download Our Promotion Themes
Thanks and have a nice day!