Code

Discussion on Adning Advertising - Professional, All In One Ad Manager for Wordpress

Discussion on Adning Advertising - Professional, All In One Ad Manager for Wordpress

3.75 (475 ratings) 3.75 stars
Cart 9,313 sales
Recently Updated Envato Checkmark

tunafish supports this item

Supported

15 comments found.

Ok, so that AdNing plugin has another security vulnerability (even the newest 1.5.6), we just discovered. We will try to report that as well. But their whole upload/add/edit procedure is a tragedy. We advise to remove this plugin from server until they will clean up their security issues.

Hi, are you guys aware (we have your license) that your AdNing plugin may have critical security vulnerability, allowing to upload linux executables for hackers/crypto miners. Only yours plugin had a security patch 1.5.6 on June 26th, no other plugins that we have installed (all they are known and trusted as yours), and your patch 1.5.6 compared to 1.5.2 that was on June 15th installed, has some core updated regarding permission check with unauthorised uploads. But still how even then it is possible to upload linux executibables, not images, is there is upload scanner at all in your system. All list of plugins are listed there: https://wordpress.org/support/topic/wp-admin-wp-update-a-virus/ And are you sure that 1.5.6 patched the security risk?

Not only images, appears that you can upload anything. Not even vidoes, but scripts, linux executables. I’ve also sent you an e-mail via PM here, can you reply to it, so that I could list you all issues in security.

Hi, It seems there’s a security vulnerability in the plugin …

Got error ‘PHP message: PHP Warning:  move_uploaded_file(../Vuln.php): failed to open stream: Permission denied in …/wp-content/plugins/angwp/include/classes/ADNI_Uploader.php on line 171PHP message: PHP Warning:  move_uploaded_file(): Unable to move ’/tmp/phpp9PjwC’ to ’../Vuln.php’ in …./public_html/wp-content/plugins/angwp/include/classes/ADNI_Uploader.php on line 171’

​The plugin author needs to fix this security hole by validating the uploaded file properly, validating if the user has the required permission, authentication and the nonce token etc. Uploading rogue files is a major vulnerability that has the potential to do a lot of damage…

Could you let me know what is doable for that ?

Thanks in advance, Nicolas

Hello there, we currently suspect this plugin has a security breach somewhere. We have 2 sites which were simultaneously hacked, which only shared this plugin.

See here: https://wordpress.org/support/topic/where-to-report-vulnerabilities-exploits-detectections/ https://wordpress.org/support/topic/wp-admin-wp-update-a-virus/

Hi. I have your plugin for two years. Now i want to change the site that it is used on, and the license key is not valid. I follow the instructions when uninstalling in the previous site, but it does not work. I ask you to reset the license, and you want to force me to renew the support, because of security measures that you´ve created.. So not cool tuna…

I have a recommendation. I suspect many users of this plugin bought it so their advertising system can be more streamlined and less cumbersome of a workload.

However, I feel like I’m getting pinged every day or two to update. Obviously I can ignore these…and I do. But even the email I receive telling me to update makes me to come to Code Canyon, just to make sure I’m not missing an update that’s security oriented.

May I recommend that you follow a pattern of updating on a weekly basis or something, at the most? I hate having to jump over to this site frequently just to see what today’s update entails.

Thanks.

Trust me, I understand the desire to improve the plugin. I gave you 5 stars and I like the plugin generally speaking.

It’s just feedback as a customer. Take it or leave it. I can’t fathom any customer of any plugin wants to update any one plugin multiple times per week, that is a major productivity drag—and I see others have mentioned this.

Personally, I’d rather just switch to a plugin that’s comparable, stable and secure and I don’t have to scramble to see if today’s update plugs a major security hole.

I have buy license for plugin WP PRO ADVERTISING to use my site www.anexartitos.gr. After change security on my site from http to https the product WP PRO ADVERTISING is deactivate, and when put my license key display the message “This license has already been activated on http://www.anexartitos.gr". i want to tranfer my license to new address

Hello,

Love this plugin, everything is working great, except the ‘Get Code’ link. When I click it I get this:

Warning: require_once(../../../../../wp-config.php) [function.require-once]: failed to open stream: No such file or directory in /nfs/c10/h05/mnt/149524/domains/demo2.fantasticosports.com/html/fs_maxima/wp-content/plugins/wp_pro_ad_system/includes/thickbox_files/get_adzone_code.php on line 2

I think what it’s trying to tell me is that wp.config.php isn’t where it normally expects it, which is true. For security reasons, I have moved it. Anything I can do to resolve this?

Thanks, Jim

How do you upgrade?

In that case you will need to find another way around to allow .swf uploads again.
Have a look at the official security fixes for the WP 3.6.+ under Summary -> Additional security hardening: Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default. Wordpress v3.6.1

Hi there. I just bought this plugin in order to show flashbanners on my newsportal. However, when I have selected a flashbanner, and filled out the forms I get this message shown below – as no banner was selected in the first place. Do you why this problem?

Warning: getimagesize(): Filename cannot be empty in /customers/1/3/8/rogvi.net/httpd.www/online/politikkur/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 614 x

thanks. problem is your website does not allow .swf files to be uploaded. Error: “Sorry, this file type is not permitted for security reasons”.
You will need to make sure you can upload swf files. thanks.

Hi Tunafish,

Just purchased WP Pro Advertising along with Buy and Sell Ads add-on and loving it so far!

Is there any way to setup ad packages? So when an advertiser buys an ad space they can select options to purchase it for 30 days, 6 months, or a year, and purchase a package for multiple ad spaces at a discount? I have different ads positioned on different pages of my site based on city, whereas my home page is another section to position an ad by the same advertisers if they so choose so providing a special rate or ad package would help. Also I want to provide a special (incentive) rates for duration of the ad postings. I am using the Buy Sell Ads with PayPal (eventually may use Stripe) as my site is not PCI-DSS compliant so I do not want collect credit card payment via my site directly for security purposes. Is there a way I can do what I need within the Buy Sell add-on purchased? Does the Woo Commerce Buy Sell add-on allow this functionality, setup ad packages with PayPal (and Stripe) and above payment options?

Thank you!

Hi, When with WP_Debug ON in Back End I have the errors below:

Warning: getimagesize() [function.getimagesize]: http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /nfs/c07/h01/mnt/178872/domains/ibrasurf.com.br/html/wp-content/plugins/wp_pro_ad_system/classes/Pro_ads_Banners.php on line 25

Warning: getimagesize(http://www.ibrasurf.com.br/wp-content/uploads/2013/11/c412704340cb6c73069a141d0ff888ed.png) [function.getimagesize]: failed to open stream: no suitable wrapper could be found in /nfs/c07/h01/mnt/178872/domains/ibrasurf.com.br/html/wp-content/plugins/wp_pro_ad_system/classes/Pro_ads_Banners.php on line 25

Also the Flash Banner is not working. When I upload it not show up in the list or preview

Also the column list that show the size is not working since about 3 updates ago…...it just show “x”

Any clue about this problems?!

Thanks!

Hi, I had to turn it on: allow_url_fopen = 1 in my PHP.ini. But the server say I should notify the developer about that because of security..... Here it is: https://kb.mediatemple.net/questions/793/Why+is+allow_url_fopen+disabled+on+the+%28gs%29+Grid-Service%3F#gs
Also had a similar issue as above… ? this is what I see when adding a banner… but, the banner image still shows up. http://01ee760.netsolhost.com/

Warning: getimagesize() [function.getimagesize]: URL file-access is disabled in the server configuration in /data/13/1/126/23/1289675/user/1380122/htdocs/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 618

Warning: getimagesize(http://01ee760.netsolhost.com/wp-content/uploads/2012/02/bjrentals.gif) [function.getimagesize]: failed to open stream: no suitable wrapper could be found in /data/13/1/126/23/1289675/user/1380122/htdocs/wp-content/plugins/wp_pro_ad_system/templates/pages/banners.php on line 618

I don’t think getimagesize() is possible anymore with some servers… ??? I am using Network Solutions for this one. I was referred to this article: http://www.networksolutions.com/blog/2010/01/update-attack-on-network-solutions-hosting-customers/

The errors mentioned… manifest themselves when your website is attempting to retrieve outside web URLs. The solution is to use the PHP Curl library to do so instead, which is more secure. How you use PHP ‘s Curl library to circumvent this issue depends on which warning you’ve received.

ALSO, i sent a message through your contact form TF page regarding being able to add WP users & Advertisers (using the add-on which i also purchased)... ? Did you get that ?

Basically for the Buy and Sell add on… I want to use it so customers can sign in and view their stats. However, I don’t want to allow people to upload their own ads. How can one sleep at night wondering what someone else is going to advertise on the site? :)

It is a little strange because… the only way a person gets added as an advertiser is if there is an empty zone and they click on the ad space and subscribe as an advertiser.

I want to add a WP user. Then add that user as an advertiser. Then send the login information to the client and they can login to view stats.

I suppose I can work out some sort of system to register and subscribe the user myself, and upload the ad. However, how can I disable the client being able to create new campaigns, add banners, upload images…

when i was testing out if i could do this. i could even overwrite someone’s ad that was already in place… This would not be a problem if they are rotating images in this ad zone. however, i don’t have rotating images setup.

So, there lies another problem with advertisers being able to upload their own ad. they can choose an ad zone and it replaces someone’s banner.

your thoughts are appreciated. thanks.

I can see where collecting payments might be handy. But, i can’t allow clients to be uploading their own unapproved ads to the site.

Quick question: is it yet possible to import settings from the old version of this plugin?

>> we found out it would not be useful to only import the titles and nothing more.
I would be useful in that it would save a LOT of time in reuploading all the banners from scratch, and associating them with URLs and campaigns.
>> Anyway the old plugin still works perfectly fine so if you don’t want to start from scratch you can just keep on using it.
Yes it works, but presumably won’t get security fixes (if any are needed), bug fixes or new features.
So basically, old customers are screwed. Either spend a lot of time starting over, or use an old system which won’t be updated.
Sorry, I don’t mean to be unpleasant, but I find it somehow wrong that you think it is OK to just have people throw away many hours of work and start over, without offering at least something by way of help in migration (ie, import of old data). I certainly cannot recommend this product to others, if you consider this acceptable.

Why does your support system need these permissions (others seem to be OK): View your name, location and account balance View your account financial history Download the items you’ve purchased View your items’ sales history Verify purchases of your items

What is this data? Please only ask permissions for that and nothing else. Privacy and security is not a small thing for customers. There is no way you need e.g. “View your account financial history” or”View your items’ sales history” to verify our purchase of your items.

by
by
by
by
by
by