jaccobmike

Forum Replies Created

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • December 3rd, 2025 at 18:15 in reply to: Insecure Elements in Themes? #156034
    jaccobmike
    Participant

    It looks like the mixed content warnings in Firefox are coming from the Cryout theme’s hard-coded HTTP links, like the schema URL and “Powered by” links. Even though your SSL certificate is valid, these HTTP references trigger the browser warning. You can fix this by updating the theme files to use HTTPS where possible, or by using a plugin that forces all URLs to HTTPS. Another approach is to add a filter or override in your child theme to replace those links dynamically. This should resolve the insecure content warning in Firefox without affecting other browsers. Website

    • This reply was modified 1 month ago by jaccobmike.
    November 19th, 2025 at 19:11 in reply to: Split: XSS vulnerability reported by WordFence/Jetpack #155903
    jaccobmike
    Participant

    Thanks for sharing the details. It appears that Mantra theme version 3.3.2 has a stored XSS vulnerability affecting contributor-level users and above. Since there is no known fix yet, the safest approach is to either remove or disable the theme until an official patch is released. Keeping plugins and themes up to date and limiting user roles can help reduce the risk in the meantime.

    November 17th, 2025 at 20:16 in reply to: Subscription #155839
    jaccobmike
    Participant

    Hi K12EVR, check your PayPal for payment status and contact the theme support with your transaction ID to resolve the pending order.

    November 17th, 2025 at 20:10 in reply to: Split: XSS vulnerability reported by WordFence/Jetpack #155838
    jaccobmike
    Participant

    I hope the problem has actually been resolved.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)