Viewing 30 results - 1 through 30 (of 958 total)
  • #1488960

    In reply to: WEBSITE HACKED

    Hi,

    Thanks for the update. If you want answers from Wordfence, then I would suggest that you reach out to them directly or refer to their documentation.

    Best regards,
    Rikard

    Hey John Yates,

    Thanks for reaching out.

    We were able to check one of the sites, and the “Sort By:” and “Display:” links seem to be working as expected. After refreshing the page, Wordfence locked us out, so we couldn’t inspect the site further. Is this issue still occurring in version 7.1.1?

    Best regards,
    Ismael

    #1480062

    Hi Mike,

    Someone at Kriesi had disabled a few plugins and hadn’t re-activated them (Wordfence, Speed Optimizer and WP Rocket).

    It looks like the WP Rocket plugin was causing the problem as the issue returned when I activated it.

    Thanks for your help
    Grainne

    #1477864

    In reply to: New Vulnerability?

    Hi,

    These reports are fixed in latest version 7.0.

    • WordFence vulnerability fix: limit download of theme options to admin only (discovered by mikemyers)
    • WordFence vulnerability fix: removed not needed function avia_ajax_get_image_color() (discovered by mikemyers)

    Please update to this version.

    Best regards,
    Günter

    #1477815

    Topic: New Vulnerability?

    in forum Enfold
    Jason E
    Participant

    I just got multiple alerts from WordFence regarding an Enfold vulnerability. Attaching content from them below:

    I am assuming you were already aware of it, but if not, wanted to send to you as soon as I got it.

    #1477134
    CaptOM89
    Participant

    Hello,
    I’ve been using the Spacer plugin by Justin Saad on our website. For us, it performs two functions:
    (1) Add vertical space (by pixel height) between elements.
    (2) With an add-on called “Panels”, to add a custom panel or text box highlighting information, like those in pages linked below.

    Note importantly that this is in the basic classic editor, not using the Avia Layout Builder.

    Sadly, the developer of this plugin has ceased to be active, and the plugin is now listed on wordpress.org as “closed” since December of 2024. It still works, but I’m worried because I’ve used it extensively and my Wordfence security plugin is sending me dire warnings about the continued use of this plugin being a “critical” issue.

    I’m wondering:
    (1) Is there an alternate plugin or plugins that I could use to do the jobs above, or
    (2) Failing that, is there some other approach: some code to insert or . . . .?

    Thanks for your help, as always. Lance

    #1477069
    sunworx
    Participant

    Hola!

    My header disappeared and I can’t figure out how to re-establish it.

    Any ideas?
    I had something weird happening, like a hack or injection last month so Wordfence may be the issue.
    Only thing that comes to mind.
    I plan to move to another hosting company soon and may just re-build but perhaps you see something obvious? :)

    blreitze
    Participant

    I have been racking my brain trying to get the galleries working on a new site. I kept trying to update, change the images and nothing would change. If I used the basic Gallery, it would just pick the last 5 images in the media library and would show “no items” in the edit gallery page.

    I switched to Masonry and it would allow changes to columns and sizing, but again “no items” in the edit gallery page and on the gallery page it just displays every image in the media library.

    Same if I switch to horizontal gallery.

    Additional Troubleshooting so far:

    I tried:
    Different browsers (Chrome, Edge, and Firefox)
    Disabling browser anti-virus
    Different machines
    All elements should be up to date
    Disabled all caching
    I rolled back to enfold theme proper from the enfold child theme in case I messed up the php (trying to get header widgets working).
    I disabled all plugins except the management ones (bluehost, jetpack, woocommerce) and even wordfence.
    I tried through connecting through cell phones in case of firewall rules
    I tried switching to a basic theme but those did not have any dynamic galleries to test with
    I tried looking for errors in the cpanel logs (Found none for this site)
    I tried making new pages
    I made sure the user was connected to wordpress.com

    so any ideas?

    I should also note that Enfold instructions on adding flex parameters to header widgets did not work for me as it gave me a php error on anything that started with a “.” (So .responsive, .media, etc would not work). Not sure if related but I may start a separate topic on it if it’s not (Flex somehow not installed?).

    Update: I was shown by the hosting service how to check the wordpress error log correctly and found an error:

    PHP Warning: Undefined variable $permalink in
    ~wp-content/themes/enfold/config-gutenberg/class-avia-gutenberg.php on line 1463

    keeps repeating over and over. I’ll try a fresh reinstall with a new downloaded copy.

    Update 2: Reinstalling seems to have removed that error, but did not solve the original issue. Ideas?

    • This topic was modified 11 months ago by blreitze. Reason: Additional info
    • This topic was modified 11 months ago by blreitze. Reason: Update on troubleshooting
    #1475419

    Hey,

    I think the issue is related to the security measurements you have on your server. The updated X and Instagram icons are missing in the Icon element as well.

    WordFence doesn’t allow me to reinstall Enfold even though WordFence is deactivated in WordPress. Could you please disable the security measurements you have on your server for the staging site if possible? If it’s not possible for the staging site, please disable it on your server temporarily, reinstall Enfold on the staging site, and check if that fixes the issue.

    Regards,
    Yigit

    #1473558
    Empatica
    Participant

    Hello,

    We are having a problem with the casamariol.com website. Everything is updated. As it is a website in production we have duplicated it to test.casamariol.com

    We are having different problems: cannot access the backend gives error 500, cannot save pages, …

    We scanned the site with wordfence and found a file with email code in the root. wp-init.php, is now removed.

    We have disabled all the plugins and the site is still not working.

    We have installed the twenty twenty five theme and it seems that the backend can be accessed fine.

    I have received some email from WordPress with the errors it gives, they are the following:

    Un error del tipus E_ERROR s’ha produït a la línia 1065 del fitxer /home/customer/www/casamariol.com/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/class-asset-manager.php. El missatge d’error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 212992 bytes)

    Un error del tipus E_ERROR s’ha produït a la línia 1045 del fitxer /home/customer/www/casamariol.com/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/class-asset-manager.php. El missatge d’error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 315392 bytes)

    Can you take a look and see what could happen?

    Thank you,

    #1473191

    Topic: Font not loaded

    in forum Enfold
    slikslok
    Participant

    Hi,
    font-loading is buggy. I defined Serife Pro for Header and Open Sans for bodytext. In the Chrome-Inspector I can see, that css does it right, but Arial is rendered. What’s the problem here? I post the URL in the private area.
    Before you ask: This also happens when I disable the cache and security plugin (WPoptimize and Wordfence).

    Thanks for helping out immediately, my customer is kinda upset of this….

    Best
    Tim

    #1472793

    Hey Eduardo,

    It looks like Wordfence is blocking access to your site, could you lift that rule for now please?

    Best regards,
    Rikard

    #1471271

    Topic: WP 6.7 Upgrade

    in forum Enfold
    pamk21
    Participant

    Hi – I have been working on website issues for over 8 hours today – no fixes. I have 11 websites running your theme. I did have a problem with WordFence which they are aware of – however, just one of 11 websites is giving me an issue not only with WordFence but when I update to WP 6.7 Enfold no longer has the visual editor. Only block editing is available – again, odd as all other 10 websites are now fine. Can you look to update to 6.7 and see what happens to the theme?

    I would give you access to the website – but I am concerned WordFence will block you.

    Please let me know if WP 6.7 has affected anyone else with the theme.

    #1471208

    Hey Hank,

    We can’t answer questions about Wordfence unfortunately, please try reaching out to their support instead.

    Best regards,
    Rikard

    #1471202
    hankboomer
    Participant

    hi guys, i just upgraded wordpress and suddenly Wordfence pointed hundreds of unknown files? like all the files suddenly became unknown? is it a wordpress bug or php version maybe? i am with 8.0

    any idea ?

    #1470443
    This reply has been marked as private.
    #1470328

    Hi,

    Thank you for the update.

    We received this Wordfence error when we try to access the site:

    Your access to this site has been limited by the site owner
    Your access to this service has been limited. (HTTP response code 503)

    If you think you have been blocked in error, contact the owner of this site for assistance.

    Please disable the plugin temporarily.

    Best regards,
    Ismael

    #1468853

    Wordfence deactivated.
    Below the link and you can see for yourself what is wrong, when you are logged in.

    #1468852

    Hi,
    Thank you for the link to your site but your Wordfence plugin is blocking my access, please disable. Also please upload your video to DropBox or similar and link to it here so we can view.

    Best regards,
    Mike

    #1467618

    In reply to: Recommended Plugins

    Hi,
    Many users use Wordfence Security without any issues.
    Blackhole for Bad Bots is also good.

    Best regards,
    Mike

    #1466639
    coredesignsupport
    Participant
    This reply has been marked as private.
    Steve
    Participant

    My host’s routine scan has highlighted Enfold <= 6.0.3 is vulnerable to Stored Cross-Site Scripting.

    Is this already known about? If so, any idea on an update/fix? The JetPack ‘fix’ seems to remove Enfold and activate the default theme so probably not the best fix.

    Enfold <= 6.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters

    Description
    The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    https://wpscan.com/vulnerability/92c563a1-acef-4191-b8ea-f6746ef0ee76/
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/enfold/enfold-603-authenticated-contributor-stored-cross-site-scripting-via-wrapper-class-and-class-parameters

    #1465720
    Rob – Press Wizards
    Guest

    From WordFence:
    Enfold <= 6.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters
    Description

    The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
    CVE CVE-2024-5061
    CVSS 6.4 (Medium)
    Publicly Published August 29, 2024
    Last Updated August 29, 2024
    Researcher stealthcopter

    See: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/enfold/enfold-603-authenticated-contributor-stored-cross-site-scripting-via-wrapper-class-and-class-parameters

    #1465713
    Kevin Geoffrey
    Guest

    Howdy. Are you guys aware that WordFence has flagged the current version of Enfold (6.0.3) for security vulnerabilities? Hope you have a fix coming soon. Thanks.

    Enfold <= 6.0.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via wrapper_class and class Parameters

    The Enfold – Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapper_class’ and ‘class’ parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    #1465691

    Topic: Cross-Site Scripting

    in forum Enfold
    peterolle
    Participant

    I just received this in case you are not aware.

    If there is a quick patch please share it, if not, please release an update.

    #1464637

    Hi,
    Thank you for the login, I believe that this is due to one or many of your plugins, I have many plugins on my demo site and I don’t see this. But I don’t have the same plugins as you.
    I see that your 404 to 301 plugin has 394,577 items and your Core Web Vitals plugin is storing 284 URLs
    I also see that your Wordfence Firewall is storing a block list of 19,985
    So the message that you see could be from one, or all of these as they are stored in the database. The only way that I can think of checking is to uninstall the plugins, simply disabling will not clear the database.
    You could try a plugin like AAA Option Optimizer but I have not used it and it doesn’t have a lot of activations, so it might be risky. I recommend ignoring this message or try these suggestions on a staging site so your live site won’t crash.

    Best regards,
    Mike

    @Guenni007 I’ve seen also in one of my sites, Deleted the four files by Wordfence.

    A note: my Wordfence scan shows that after the last WP update, old files from the previous version remained in the folders – and these are mainly related to the editor files!

    #1462021

    Hi,
    That could be due to a plugin like Wordfence Security or a code snippet in your wp-config.php file:

    define( 'DISALLOW_FILE_EDIT', true );
    define( 'DISALLOW_FILE_MODS', true );

    If you see this, remove it.
    Otherwise, use FTP.

    Best regards,
    Mike
