Insecure Elements in Themes?

  • Author
    Posts
  • #146919

    Hi

    Someone just indicated that some of my WP sites (Cryout Nirvana (tallguydigital.co.uk) & Bravada (3modx.org.uk) are showing as unsecured in Firefox
    ALL sites seem to show as OK in other browsers
    I looked at the SSL/TLS Status page and couldn’t see anything that stood out. I also checked a few htaccess files and again couldn’t see anything obvious.
    With some further digging the problem seems to come from some Cryout elements which still show http rather than https e.g.
    1. footer id=”footer” class=”cryout” itemscope itemtype=”http://schema.org/WPFooter”
    2. the “Powered by” links go to http://www.cryoutcreations.eu and http://wordpress.org/

    Thanks in anticipation for any advice

    Website: 3modx.org.uk

    #147704
    Steve Procter
    Power User

    Hopefully this will be fixed soon, but no one is replying here or to support tickets 🙁

    #147802
    Elke Wetzig
    Power User

    Hi, I don’t think simple hrefs can cause these warnings. The mixed contend in your websites seem to be caused by your cookie and/or chat plugin:

    http://3modx.org.uk/wp-content/plugins/cookie-law-info/lite/frontend/images/revisit.svg
    http://3modx.org.uk/wp-content/plugins/cookie-law-info/lite/frontend/images/close.svg
    http://agilecrm.s3.amazonaws.com/livechat/assets/whatsup-chat.png.

    Some browsers might block the external unecure sources right away (chat), or you see your site only with non-visible cookie bar/cookies set, that might influence the different browser behaviour.

    #148403

    I hope this gets resolved soon, but it’s frustrating that no one is responding here or to support tickets.

    Website: spotiapks.com.br

    #148438
    Steve Procter
    Power User

    Hi Spotiapks, I have sent several emails about the recent updates to some themes etc, as I need to resolve some issues for customers, but no one has bothered to reply.
    I have let my subscription lapse, so I cannot get the recent update to creative content, but I’m not paying for another year, if only 1 update is being pushed out and support tickets are still being ignored 🙁
    I’ve been using them for over a decade, and to be treated like this is disgusting when we know they are still somewhere behind the scenes, but not interacting with customers.

    #148560
    bassicsax
    Power User

    I hear you @Steve Procter. I am at the same point. I haven’t let my subscription lapse… Yet. But unless something changes I am going to have to.

    I understand there is a bunch of stuff going on behind the scenes we don’t know about, and the war in Ukraine has really done a number on them, but they are still running a business and have paying customers. IDK what they are thinking.

    I did submit a priority support ticket this morning about an Input validation vulnerability in Bravada 1.1.2 that came up in my SSL software update. Wordfence isn’t showing an issue though. Strange, huh?

    Oh well, let’s see what happens. I am not really wanting to switch all my sites away from from CC, but will if I have to. 🙁

    Website: bassic-sax.info

    #148567
    Rocky Trifari
    Power User

    Hi guys, I am also considering switching as my subscription has also ended last month and I’ve been unable to reach Zed for at least one year, maybe even 2 at this point. To be honest, I assumed the worst here and was completely convinced something very, very terrible happened to the developer. But then, one of my Cryout plugins got an update 2 days ago, which tells me… someone’s still here and working behind the scenes. I’m very confused what is going on and wish there was just some sort of an explanation. Whether it’s lack of time, stress, illness, injury, or even loss of passion, I don’t even care at this point – I just want an explanation as to what’s happened. I feel like I was ghosted, haha. I’ve poured my heart and soul into customizing my website’s theme over these past 7+ years and the thought of needing to switch and potentially “start over” with some random theme from someone else nearly makes me want to have a mental breakdown. But, eventually, I’ll have to come to terms with that reality…

    #148584
    Steve Procter
    Power User

    Good morning from England guys,
    I know there is a lot going on for the Cryout Team, BUT, they can release minor fixes, post a small article on a blog, but then not reply to anyone, even though some of us have been paying them for years. My support requests from last November (with an active subscription) have still not been answered.

    It is sad and frustrating, especially when all it would take is a simple email to all customers letting us know what is happening at the CC headquarters. A small roadmap of hopes would be brilliant, as three of the themes we currently use are having issues and giving errors, but what do we do?
    If I source another company, then I need to change all my customers themes, and that would be a nightmare, as I’m sure it would be for all you guys too.

    I honestly do not want to abandon Zed and the team, but they are leaving us very little choice!

    #148647
    lynnvr
    Power User

    Aha, I am glad I am not the only one having troubles. Unfortunately, I am not a developer, only manage a few sites (free) for clubs/associations of which I am a member and for myself. Since the latest php and wordpress updates, I have been having problems with plug ins that have always worked (ninja forms, Stripe payments in Events manager, etc.). Their managers say it is not a problem with the plugin, probably with my theme (parabola) compatibility. What to do if no replies? Sigh…

    Website: www.sterrenwacht-gv.nl

    • This reply was modified 3 months ago by lynnvr.
    #148703
    Rocky Trifari
    Power User

    Agreed, we have been left with very little choice. In my case, thankfully, I am not yet encountering any errors or incompatibilities with my theme (at least, nothing major that I can’t work around) which is pretty wild considering it has been OVER 2 YEARS since the last update. At this point, my main concern is keeping up with security patches and code best practices, areas where all of us are objectively falling behind by continuing to use code that’s not being monitored or updated.

    I suppose it would be smart for us to get ahead of some catastrophic failure by beginning to look elsewhere or in my case, potentially find someone to hire to help reconstruct everything.

    #148725
    xofmedia
    Power User

    I too am supposed to have priority support. I’ve filed 2 support tickets in the past few months and have heard nothing back. In my case, a few of the themes are giving me an error when displaying the landing page and I’ve got “display comments” enabled. I’ve been able to produce some work arounds with CSS hiding the “itemprop” link for now but I would like the comment link displayed without diving in to the the theme files. I’m used to working through the child.

    Running debugging, I can see there’s deprecated code running $(var). It’s now ($var). I can see it in the serious slider plugin, cryout featured content plugin, and few things in the themes throwing more errors.

    I am a developer… but I run these themes so I will have less to worry about. I too am hoping nothing serious has happened to Zed. He was in the habit of replying almost immediately to my support tickets. I had some hope when I saw the update (someone there is working), but I still haven’t heard from support and my issues weren’t addressed in the update.

    I may have to start looking elsewhere before my renewal comes up. I too have several websites to worry about.

    ~kevin

    Website: xofmedia.com

    #148726
    bassicsax
    Power User

    FYI, I did get a reply from Kay to my Priority Support request. (I should mention it came in a day after I sent the request, I just didn’t see it.) It reads:

    Thanks a lot for the info, we’re in the processing of addressing that for a future theme update.
    Thanks again and have a great day!

    If we can helping you further, please reply to this email or create a new ticket.
    Kay, Cryout Creations

    OK, so this gives me reason to hope. I have to say, the Bravada theme and Plus themes I use have been updated over the last 6 or so months.

    I am guessing CC had some personnel reductions? IDK, but at least we have reasons to be optimistic, b/c like so many of you, I am not a developer. I just have my own sites, and those of clients. If I did have to switch, I couldn’t pass that cost on in a way that would truly off-set the time I would have to spend on such an enormous job.

    • This reply was modified 3 months ago by bassicsax.
Viewing 12 posts - 1 through 12 (of 12 total)

You need to log in to reply to this topic.