ACF Pro XSS Vulnerability

OK! Now we are somewhere. Turns out that this Slider Revolution issue was due to an older single Pro license that was part of another themeco account entirely. That older account belongs to my partner and he set that site up originally. It was never part of my Unlimited account until just now when I switched it over.

Once I used my license instead, I did have to delete the plugin and reinstall it from the Pro dashboard but that was easy and it fixed it right away.

I’ll also say that the license validation happened immediately as well – just like I’d expect it to. Obviously, this domain has had its DNS correctly configured for years. This makes me think that the difference is when we create new sites with a fresh DNS configuration there is some problem with that side of things. You said we could eliminate that as a possibility but… I’d like to put it back on the table. I really think that theory has legs.

Sorry for the confusion about the Slider Rev portion of this discussion. That was my bad. There are other sites in my Unlimited account that start with the word “charlotte” so it didn’t jump out at me. Anyway, that part is 100% now and it all makes sense. If we can solve the License validation issue, we should be good to go.

Thanks @charlie

Great, glad that fixes the package update issues.

So if it’s a DNS / Domain thing. Internally we use the following function. Which works differently if the site is a multisite. If your problems exist without using multisite we can probably scratch the multisite config being the problem.

You are always on the correct domain when you attempt, right? I.e., you’re not on a raw IP. You don’t currently have a site doing this, right? We could probably scratch this off too if adding a wildcard subdomain A record removes the issue on your end. I’m trying a DNS test on my end, just waiting for it to take change and then do a fresh install.

Some takeaways already: it’d be nice to see the domain it’s going to attempt the validation on the validation page. And a secret section where an admin can see which license is in fact installed would be nice too.

Multisite is not a factor.
I am always on the correct domain, yes.
Standard subdomain: newclient.gestaltcreations.com.
I do not have one set up currently that is in the middle of this issue.

The problem is that when I go to set one up like this again, we’d have to coordinate so you could do your tests. We’d have to be ready at the same time. As far as which license it would use, I always use the same unlimited license key I have when setting up a site as described. So that part can be provided to you and relied upon to be accurate.

How could we coordinate a testing time that would be convenient?

I’m here central American time 9-5. Tomorrow or Friday I can take a look if you want to get a sample site going. 1pm sounds good with me, but let me know.
The next time I see the issue with any unlimited I’ll check what our cache says before trying to validate for them as well to see if it’s a cache issue.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.