This topic has 22 replies, 3 voices, and was last updated 6 months ago ago by Jack Richardson
We have seen this a number of times now, and the issue goes away if there is an xstore update, but we are seeing two credit card fields being displayed at checkout
I thought something else was causing an issue, but we get a complaint from customers of the client, we then jump on admin, normally there is an xstore update, once we update the theme, the issues goes away
Hello, Finleydesign,
Thank you for contacting us and for using XStore.
Could you please record a video of the problem?
We can’t log in, unfortunately. Just loader and that’s all. Please check. Do you have restrictions by ip or a plugin that may cause this issue?
Kind Regards,
8theme team
ironically we have do have a monitor, which just told us someone from Ukraine did just login
Video in private, it’s also been documented elsewhere in regards to theme issues, I tried their fix but it didn’t make a difference
Hello, Finleydesign,
We appreciate your prompt response.
At first sight, we do not see anything from our theme side that may affect your checkout fields.
Please check how it works with the default WooCommerce theme – Storefront activated on your site (go to Appearance > Themes > Install and activate the official WooCommerce theme Storefront for a few mins and check if your issue appears with our theme only or with the default WooCommerce theme too).
Let us know the result. In case you get the same result independently of the activated theme, it means there is really no XStore fault.
Thank you for your cooperation and we look forward to hearing from you soon.
Kind Regards,
8theme team
I need to re-open this ticket as this issue continues, interestingly it’s targeting the form-billing.php file within the Xstore theme, it replaces this file with it’s own and creates a double card entry, it appears to look like it’s scraping card details.
I can replace the file with a back up version, but 5-6 days later, it’s been replaced again
Hello, Finleydesign,
In this case, since you have determined that the plugin is fully rewriting the file, it is necessary for you to contact the author of the plugin to resolve this issue. This is because the rewriting of plugin files by another plugin is not a good practice, especially considering that the main plugin is named WooCommerce.
Alternatively, we can suggest copying the default file form-billing.php (the one you identified as being triggered) from the WooCommerce plugin to the child theme with the same file path. Then, the file will essentially be original, and this solution may also be suitable for you.
Kind Regards,
8theme team
Its not re-writing plugin files, it’s your theme which is having it’s file re-written.
I’ve already copied the original file from woocommerce and replaced the one in your theme, which I have to do in order to remove the issue.
Do I actually need this in the to Xstore folder?
I’ll try the child theme route and see if that makes a difference, but just to confirm you understand there is only one file within the Xstore theme that is being replaced
Hello, Finleydesign,
Thank you for the information provided. We would like to propose that you test the attached file https://we.tl/t-hpCZn51McR to see if it works properly. If it does, we will include it in the update.
Kind Regards,
8theme team
Hi, Ok but where am I putting this? in the child theme or the xstore theme?
And when you say test, i assume you mean it will work, but i am to test if it gets overwritten?
Hello, Finleydesign,
Yes, you can even upload the file to the child theme and check.
However, if the problem persists, you may upload the one that was there (i.e., from the default WooCommerce).
Kind Regards,
8theme team
Ok so it’s been replaced again, this time, the one in the Xstore theme and the one in the child theme got replaced, the main one in Woocommerce didn’t
Are these specific to Xstore as it’s seem to be a vulnerability within the xstore theme
Hello, Finleydesign,
We have not encountered any issues and are unable to reproduce the bug you reported. Therefore, we propose the following solutions:
1. Please try to upload the file again, which you can download from the link provided ( https://we.tl/t-yPMt4L69Hz ). Upload it to the child theme according to the path described earlier.
2. If this solution does not help, please apply the changes you initially implemented (download the file from WooCommerce to your child theme).
Kind Regards,
8theme team
Ok so thinking it was working, but last night it got replaced again from the child theme
I’ve got a copy of the corrupt file if you want to see it?
Hello, Finleydesign,
Please send the files that are working and those that are not.
Also, we are curious to know who is replacing the files in the child-theme, as we are certainly not doing it.
Kind Regards,
8theme team
Hi, the file that works is either the original or the one you sent, this is then replaced with a scrapper type version.
It only appears to effect the child theme of xstore
how do I send you files, wetransfer won’t let me upload it
Hello, Finleydesign,
You may use any other online filesharing service, and provide us with URL.
Kind Regards,
8theme team
In private, the file thats works is the one you sent me
Hello, Finleydesign,
Thank you for your response.
We would like to inquire about the reason why your child theme is experiencing periodic changes? We assure you that we are not influencing it.
We are trying to explain that if you have uploaded a file that works in the child theme and everything is fine, then there is no need to worry about it anymore. However, if someone in your child theme is overwriting/deleting that file, then it is a matter for you to resolve. You will need to deal with this and in principle, there will be nothing required from us.
Kind Regards,
8theme team
Ok so what seems to be confusing here is, that the file always did work, I thought the file you sent, had some sort of different code etc, but the original one has always worked.
What appears to be happening is the file is being replaced with the one I sent you, if you review the file you should be able to see the malicious code that is scraping additional card details.
What I’m trying to say is, it only changes either xstore or xstore child themes, so is there an unknown vulnrability in the theme that is allowing a malicious code to be added
I initially noticed that the the double card fields disappeared everytime we updated the theme.
Is the permmisions on that file correct? can it be changed to still operate but to prevent outside amends? I don’t know if the file is being replaced or the malicious code is being injected into the file.
Hello, Finleydesign,
We found that these HTML lines were inserted into your file – https://prnt.sc/RBmSrD_xNVop
By default, there is no such html code there.
Permissions for all files are set correctly in our theme package but could be modified on your server so you should check it there.
By default, we set 644 permissions for files (https://prnt.sc/QztIAZWqu-dF) so please, check if your child-theme files have the same ones.
Maybe your hosting provider will be able to assist you in this situation.
Kind Regards,
8theme team
This issue has reappeared, has naything changed in the theme that might have brought this back?
Dear @finleydesign,
We kindly request that you initiate a new topic, incorporating the provided wp-admin and FTP access credentials, as well as screenshots that illustrate the issue at hand. This will ensure that the details of your inquiry are current and comprehensive.
Should you encounter any further issues after an extended period, we advise that you create a new topic and reference the original discussion by including a link to it.
Warm regards,
The 8Theme Team
You must be logged in to reply to this topic.Log in/Sign up