Just checked on another site not updated the theme and core yet and it’s working fine

https://nimb.ws/lKgJuDU

Ok thats not a simple solution is it?? should have to g over to media, upload, copy URL add to description add a
etc etc

Oddly you being programmers, it’s a an easy add! You already add the top product description and under category etc

In simple terms I just considered that the custom header image, would be a header image which would appear above content of the category, so that way you can do branded banners for each category

Having to go via shortcode for static blocks is all too much work for just adding an image each time

Not the greatest of answers, why would I want to setup a static block every time, oddly it says add customer header image and in the settings there is an option of where do you want the banner

But having to go off and create a static block and etc is a load of unnecessary work!

Sorry finally resolved, it was WP Code which had been hacked and code added

Ideally as Twitter is fully rebranding, can you in the next update, just change the icon reference and change the word Twitter to X

if you make it a new selector, i’ll need to change all my websites using Xstore, which isn’t ideal.

Ok so what seems to be confusing here is, that the file always did work, I thought the file you sent, had some sort of different code etc, but the original one has always worked.

What appears to be happening is the file is being replaced with the one I sent you, if you review the file you should be able to see the malicious code that is scraping additional card details.

What I’m trying to say is, it only changes either xstore or xstore child themes, so is there an unknown vulnrability in the theme that is allowing a malicious code to be added

I initially noticed that the the double card fields disappeared everytime we updated the theme.

Is the permmisions on that file correct? can it be changed to still operate but to prevent outside amends? I don’t know if the file is being replaced or the malicious code is being injected into the file.

Hi, the file that works is either the original or the one you sent, this is then replaced with a scrapper type version.

It only appears to effect the child theme of xstore

how do I send you files, wetransfer won’t let me upload it

Ok so it’s been replaced again, this time, the one in the Xstore theme and the one in the child theme got replaced, the main one in Woocommerce didn’t

Are these specific to Xstore as it’s seem to be a vulnerability within the xstore theme

Its not re-writing plugin files, it’s your theme which is having it’s file re-written.

I’ve already copied the original file from woocommerce and replaced the one in your theme, which I have to do in order to remove the issue.

Do I actually need this in the to Xstore folder?

I’ll try the child theme route and see if that makes a difference, but just to confirm you understand there is only one file within the Xstore theme that is being replaced

ironically we have do have a monitor, which just told us someone from Ukraine did just login

Video in private, it’s also been documented elsewhere in regards to theme issues, I tried their fix but it didn’t make a difference

https://stackoverflow.com/questions/28627839/duplicated-payment-methods-field-on-checkout-page-woocommerce

Sure

Quforms prevents caching, which means quforms plugin is preventing the websites caching to work, so quform prevents caching on the website, from quforms, no caching, prevents caching, quforms.

set-cookie: quform_session_2bae9f89c87adad3df05af041d2299c1=tIi4hfjCSZQXXxiX87yofbCslBrb5BiQF8jkjoHg; path=/; secure; httponly; samesite=None

FTP In private

In private

Another wasted reply!!

“I can’t update fonts on the site”, I don’t know how to explain the problem any easier!

You want me to send screenshots of the font not updating?