Forum Replies Created
Hello,
If I deactivate Bootstrap CSS, the whole layout of the directory-page gets broken.
Kind regards,
Waldemar
Hello,
is it possible to tell me a code-snippet to disable this function?
Kind regards,
Waldemar
Hello,
this is what I get from the security researcher:
I Mr. RAVI PRAJAPATI a white security researcher founded a Cross-site Scripting (XSS) vulnerability https://www.multitalent.ag
what is cross-site scripting?
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.
Steps to reproduce
1. Using any browser (except IE), go to https://www.multitalent.ag/ru/?__wpdm_pdf_viewer=%3C/SCript%3E%3CsvG/onLoad=prompt(9)%3E
2. you will get pop of XSS
The proof of concept is attached below.
NOTE: https://www.multitalent.ag/ru/?__wpdm_pdf_viewer=%3C/SCript%3E%3CsvG/onLoad=prompt(9)%3E
the screenshot is attached to verify
for better understanding refer this reports :
https://hackerone.com/reports/292457
https://hackerone.com/reports/150568
https://hackerone.com/reports/474656
Impact of XSS :
1.Stealing cookies
2. The attacker can execute JS code.
3. The attacker can steal data
Kind regards,
Waldemar
Hello,
it would be nice, if could tell me a code-snippet to disable this function. If possible without to change the main-files, so this changes won’t be deleted after update.
Kind regards,
Waldemar
If I open the package, the child category is not the active one, it’s the wrong one, where the package is also available.
The package is available in two child-categories of different parent-categories.
So if I open the package in the child-categories of parent-category B, the breadcums shows me the categories of parent-category A.
You can see this on https://www.multitalent.ag/service/aktuelle-angebote-dokumente/
(Font Awesome is deactivated on WPDM)
If Font Awesome is activated on WPDM, you can see that the icons on the homepage (https://www.multitalent.ag) aren’t working right.
Hello,
Betheme is on the newest version and WPDM (v. 5.0.1), but the issue is still there. If I deactivate Font Awesome on WPDM the Icons on the Page are working right but the Icons of WPDM aren’t working.
If I activate Font Awesome on WPDM, the Icons are working on WPDM but not all on the page (BeTheme + Visual Composer).
Do you have any fix for this?
Kind regards,
Waldemar
Hello,
I’ve set a download-tag to a package. The Tag is visible, but if I click on it, the archive-page is blank.
Kind regards,
Waldemar
Thank you. I will try this.
But I think, this is not a really easy solution for future. Maybe other users would like this option too. if this would be a feature in WPDM.
Kind regards,
Waldemar
Oh sorry, your’re right. My mistake.
I wrote in the false post.
My question was reffered to “https://www.wpdownloadmanager.com/support/topic/hide-everything-and-access-by-categories-is-not-working-well/”, Point 2
“2. The Widget “WPDM New Packages” doesn’t show any files for users (USER A) which have permissions to some categories and the files are for example older than the new ones (for which the loggedin user doesn’t have the permission). User B with other permissions can see the new files, for which he have the permissions. In this case USER A have to see the older files. USER B see also the new ones.”
Do you have something new for this? You wrote “However, found the issue that creating this situation. But the patch is rather lengthy. So, we will fix it in our next release.”
Kind regards,
Waldemar
I have the problem, that all filenames are in german. All Packagename are translated to different languages.
In my example I have one file in 9 different languages. So one Package have the File in German, the other Package have the file in English or in other language. Each package is duplicated in all other languages, so all users can access the files in German, English or in other language.
But if I have to delete an old version of one document, I have to search for the packages in all different languages. This costs a lot of time. If I could search for filenames it would be much easier and faster.
Attached you will see some documents in different languages.
Hello,
After some tests, the Point 1 (Widget WPDM_Category) is working on the default language. But the translations aren’t visible. All Translations are duplicated from the default language and the widget is set to “Multilingual”.
Could you please have a look on that? I think it needs a small change in the code, which was updated.
Kind regards,
Waldemar
Hello,
I don’t see any changes for Point 2.
Point 1 is working well.
Kind regards,
Waldemar