Our website (comalmg.org) uses the Post Carousel from the SiteOrigin Bundle. The Post Carousel is located at the top of our page and stopped working sometime in the last week.
Clicking on an item in the Carousel normally links to a page of full information.
Now, only the picture from the post shows. All other text is blank and people are not linked to the page.
We have not changed how we make posts. The box to “show post in carousel” is checked properly in each post. I can’t see that any Admins have made unusual changes. And this has happened in all three of the Carousel boxes.
Does anyone know how to resolve this?
Thank you.
Hi, thanks for getting in touch.
The carousel at the top of the linked page is labeled X Post Carousel. The source of the carousel looks to be the X Framework plugin. I don’t think it’s our widget, assuming I’m looking at the correct carousel.
Thank you, Andrew. Will you please attach a screenshot of this label? I’m not seeing the labeling you’re describing.
Unfortunately, it looks like we have infected files due to malicious scripts that made it through the SiteOrigin Widgets Bundle scripting vulnerability before the WordPress patch was issued (see alerts issued February 12 and 13). Now having to do some major repairs.
Looking forward to seeing the labeling. That will help me a lot. Thanks again.
Hi, unfortunately, the forum doesn’t support email reply attachments but you can add links to images hosted publicly. Is your carousel explicitly labelled SiteOrigin Post Carousel when editing in Page Builder?
(Assuming your site has Moderator role user accounts, the XSS vulnerability previously present required a Moderator role user account to be breached. How this breach occurs isn’t related to the issue. It’s just assumed that it happened in this hypothetical scenario.
The Moderator role user could then in theory have added a Button Widget with a payload. Next, the attacker would have to know an admin’s contact details, contact a site admin and convince the site admin to click the button with the payload.)
Hi again; here is what I can see from the front end. The carousel doesn’t appear to be ours.