Hi,
I installed and set up this plugin on a website. Unfortunately not much later the form was used for a carding attack – a huge number of card credentials were tried in an apparently automated attack. The site owner then had to go through refunding all those that worked (and accept the financial losses since Stripe no longer refund fees on successful payments).
Please can you add some protection to the plugin against automated attacks? E-commerce websites have a lot of different approaches to this…
… though now that I look further, I see that you have some in your “Professional” version. I certainly have no problem with Premium plugins (one has to make money to be able to invest in keeping plugins alive), but please would you reconsider this? Essentially “close the wide open door in the free version for bots to cause havoc on your website and Stripe account” makes for a poor Premium feature. The free version isn’t really usable for anyone if installing it opens that door – anyone who installs it is a sitting target, just waiting for bots to find and exploit their site.
I’m not complaining – nobody has to give me anything for free (pay nothing, you’re owed nothing!). But as I say, “free version opens you up to havoc, but there’s a paid version to fix that” is an unpleasant experience, in practice even when that’s not what anyone intended.
David
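A server-side throttle of the kind this post asks for, written here as an added example and not the plugin's own code: it hooks the `wpsd_donation` AJAX action that the plugin's front-end script calls and cuts off bursts of attempts per client address and per e-mail using WordPress transients. The hook priority, the limits and the transient key prefix are assumptions; the `status`/`message` shape of the error reply is what the front-end script already checks for.

```php
<?php
// Added example, not part of the WP Stripe Donation plugin.
// Throttles the public 'wpsd_donation' AJAX action so an automated
// card-testing run is stopped after a few attempts instead of being
// allowed to try thousands of cards through the site's Stripe account.
// Assumes the plugin's own handler is registered at the default priority 10,
// so this callback (priority 1) runs first and can end the request.

add_action( 'wp_ajax_wpsd_donation',        'wpsd_throttle_donation', 1 );
add_action( 'wp_ajax_nopriv_wpsd_donation', 'wpsd_throttle_donation', 1 );

function wpsd_throttle_donation() {
    // Limits are assumptions; tune them to the site's genuine donor traffic.
    $limits = array(
        'ip'    => array( 'max' => 5, 'window' => 10 * MINUTE_IN_SECONDS ),
        'email' => array( 'max' => 3, 'window' => HOUR_IN_SECONDS ),
    );

    // REMOTE_ADDR is only meaningful when the web server sets it to the real
    // client address (behind a reverse proxy, configure the server to do so).
    $ip    = isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $email = isset( $_POST['email'] ) ? strtolower( sanitize_email( wp_unslash( $_POST['email'] ) ) ) : '';

    foreach ( array( 'ip' => $ip, 'email' => $email ) as $kind => $subject ) {
        if ( '' === $subject ) {
            continue;
        }
        // Hash the subject so no address or e-mail is stored in the options table.
        $key   = 'wpsd_rl_' . $kind . '_' . md5( $subject );
        $count = (int) get_transient( $key );

        if ( $count >= $limits[ $kind ]['max'] ) {
            error_log( sprintf( 'wpsd: donation attempts throttled (%s, %s)', $kind, $key ) );
            // HTTP 200 on purpose: the front-end script only handles jQuery's
            // success callback, so a 429 would leave its page loader spinning.
            // The {status, message} shape is what that script reads.
            wp_send_json_error( array(
                'status'  => 'error',
                'message' => 'Too many attempts. Please try again later.',
            ) );
        }
        // Sliding window: every attempt renews the counter's expiry.
        set_transient( $key, $count + 1, $limits[ $kind ]['window'] );
    }
}
```

On a multi-server site the transients need a shared object cache to be effective, and this throttle complements rather than replaces Stripe's own Radar rules and CAPTCHA on the form.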

Hello, I am running Google Page Insight and I am seeing Stripe JS on the home page and all pages of my site, but the payment form is only on a single page – how can I manage this?
I see an old thread here on the forum for the same issue but no response.

The donation page that lists all of the donations is showing all listings to have today's date instead of the actual date posted.

Does this plugin support this?

Hi
When you run the donation on here, it freezes. Nothing happens. No money goes through, and no error.
How can we resolve this please?
Simon

The donation link does not work on mobile. It gives an error message stating: keys for idempotent requests can only be used with the same parameters they were first used with. try using a key other than ‘tV8ZkPio’ if you meant to execute a different request.

Hello.
It seems that Bitdefender detects the wpsd-front.js script as a trojan:
https://i.postimg.cc/QNqkpmMj/trojan.png
but that’s a false positive, because the content of the script is this:
(function(window, $) {
    // USE STRICT
    "use strict";

    //$('ul#wpsd_donate_amount li:first-child').addClass('active');

    // Preset amount buttons: highlight the clicked one and copy its amount into the input.
    $('ul#wpsd_donate_amount li.amount').click(function() {
        $('ul#wpsd_donate_amount li').removeClass('active');
        $(this).addClass('active');
        var wpsdRadioVal = $(this).data("amount");
        if (wpsdRadioVal !== undefined) {
            $("#wpsd_donate_other_amount").val(wpsdRadioVal);
        }
    });

    var form = document.getElementById('wpsd-donation-form-id');
    var stripe = Stripe(wpsdAdminScriptObj.stripePKey);
    var elements = stripe.elements();
    var wpsdDonateAmount = 0;

    var style = {
        base: {
            color: wpsdAdminScriptObj.card_element_color,
            '::placeholder': {
                color: wpsdAdminScriptObj.card_element_color,
            },
        }
    };
    var card = elements.create('card', {
        hidePostalCode: true,
        style: style,
    });

    if (form != null) {
        card.mount("#card-element");

        // Show Stripe Elements validation errors inline.
        card.addEventListener('change', ({ error }) => {
            const displayError = document.getElementById('card-errors');
            if (error) {
                displayError.textContent = error.message;
            } else {
                displayError.textContent = '';
            }
        });

        form.addEventListener('submit', function(e) {
            e.preventDefault();
            var wpsdShowCheckout = true;

            // Client-side field checks only; the server has to repeat them.
            if ($("#wpsd_donate_other_amount").val() == '') {
                $('#card-errors').show('slow').addClass('error').html('Amount Missing');
                $("#wpsd_donate_other_amount").focus();
                return false;
            }
            if ($("#wpsd_donate_other_amount").val() !== '') {
                wpsdDonateAmount = $("#wpsd_donate_other_amount").val();
            }
            if (($("#wpsd_donation_for").val() == '') || ($("#wpsd_donation_for").val() == null)) {
                $('#card-errors').show('slow').addClass('error').html('Please Enter Donation For');
                $("#wpsd_donation_for").focus();
                return false;
            }
            if ($("#wpsd_donator_name").val() == '') {
                $('#card-errors').show('slow').addClass('error').html('Please Enter Name');
                $("#wpsd_donator_name").focus();
                return false;
            }
            if ($("#wpsd_donator_email").val() == '') {
                $('#card-errors').show('slow').addClass('error').html('Please Enter Email');
                $("#wpsd_donator_email").focus();
                return false;
            }
            if (!wpsd_validate_email($("#wpsd_donator_email").val())) {
                $('#card-errors').show('slow').addClass('error').html('Please Enter Valid Email');
                $("#wpsd_donator_email").focus();
                return false;
            }
            if ($("#wpsd_captcha_content").val() == '') {
                $('#card-errors').show('slow').addClass('error').html('Captcha Missing!');
                $("#wpsd_captcha_content").focus();
                return false;
            }
            if ($("#wpsd_captcha_content").val() != $("#wpsd_captcha_content_check").val()) {
                $('#card-errors').show('slow').addClass('error').html('Wrong Captcha Number!');
                $("#wpsd_captcha_content").focus();
                return false;
            }

            // Address Processing
            var address = [{
                'address_street': $('#wpsd_address_street').val(),
                'address_line2': $('#wpsd_address_line2').val(),
                'address_city': $('#wpsd_address_city').val(),
                'address_state': $('#wpsd_address_state').val(),
                'address_postal': $('#wpsd_address_postal').val(),
                'address_country': $('#wpsd_address_country').val()
            }];
            //var address = $.serialize(address);

            if (wpsdShowCheckout) {
                $("#wpsd-pageloader").fadeIn();
                // Ask the server to create the PaymentIntent, then confirm the card in the browser.
                $.ajax({
                    url: wpsdAdminScriptObj.ajaxurl,
                    type: "POST",
                    dataType: "JSON",
                    cache: false,
                    data: {
                        action: 'wpsd_donation',
                        name: $("#wpsd_donator_name").val(),
                        email: $("#wpsd_donator_email").val(),
                        amount: wpsdDonateAmount,
                        donation_for: $("#wpsd_donation_for").val(),
                        currency: wpsdAdminScriptObj.currency,
                        idempotency: wpsdAdminScriptObj.idempotency,
                        security: wpsdAdminScriptObj.security,
                        stripeSdk: wpsdAdminScriptObj.stripe_sdk,
                        address: address
                    },
                    success: function(response) {
                        if (response.data.status === 'success') {
                            stripe.confirmCardPayment(response.data.client_secret, {
                                payment_method: {
                                    card: card,
                                    billing_details: {
                                        name: $("#wpsd_donator_name").val(),
                                        email: $("#wpsd_donator_email").val(),
                                    }
                                }
                            }).then(function(result) {
                                if (result.error) {
                                    $("#wpsd-pageloader").fadeOut();
                                    $('#card-errors').text(result.error.message);
                                } else {
                                    if (result.paymentIntent.status === 'succeeded') {
                                        afterPaymentSucceeded($("#wpsd_donator_email").val(), wpsdDonateAmount, $("#wpsd_donation_for").val(), $("#wpsd_donator_name").val(), wpsdAdminScriptObj.currency, $("#wpsd-comments").val(), address);
                                    }
                                }
                            });
                        }
                        if (response.data.status === 'error') {
                            $("#wpsd-pageloader").fadeOut();
                            $('#card-errors').show('slow').removeClass('success').addClass(response.data.status).html(response.data.message);
                        }
                    }
                });
            }
        });
    }

    // Radio amount buttons copy their value into the free-amount input.
    $("#wpsd-donation-form-id input[type='radio']").on("click", function() {
        var wpsdRadioVal = $(this).val();
        if (wpsdRadioVal !== undefined) {
            $("#wpsd_donate_other_amount").val(wpsdRadioVal);
        }
    });

    // Free-amount input: allow only digits with up to two decimals, otherwise restore the previous value.
    $('#wpsd_donate_other_amount').on('keyup', function(e) {
        $("#wpsd-donation-form-id input[type='radio']").prop("checked", false);
        if (/^(\d+(\.\d{0,2})?)?$/.test($(this).val())) {
            $(this).data('prevValue', $(this).val());
        } else {
            $(this).val($(this).data('prevValue') || '');
        }
    });

    function wpsd_validate_email($email) {
        var emailReg = /^([\w\-.]+@([\w\-]+\.)+[\w\-]{2,6})?$/;
        return emailReg.test($email);
    }

    // Record the completed payment server-side, then redirect to the success page.
    function afterPaymentSucceeded(email, amount, donateFor, name, currency, comments, address) {
        $.ajax({
            url: wpsdAdminScriptObj.ajaxurl,
            type: "POST",
            dataType: "JSON",
            data: {
                action: 'wpsd_donation_success',
                email: email,
                amount: amount,
                donation_for: donateFor,
                name: name,
                currency: currency,
                comments: comments,
                address: address
            },
            success: function(response) {
                if (response.status === 'success') {
                    var url = new URL(wpsdAdminScriptObj.successUrl);
                    url.searchParams.set('donation', 'success');
                    window.location.href = url.href;
                }
                if (response.status === 'error') {
                    $('#card-errors').show('slow').removeClass('success').addClass(response.status).html(response.message);
                }
            }
        });
    }

    // searchable dropdown select
    $('div.wpsd-form-item-half-right select#wpsd_address_country').selectize({
        sortField: 'text'
    });
})(window, jQuery);

I use this plugin in Japanese.
I tested it with 100 yen (JPY).
In the reply email, I could see “Amount received: 100JPY”.
But on the receipt from Stripe, I found 10,000 yen.
Why is the amount notified different?

Hello. Great looking demo. But we may want to show this inside a small modal window. Will this work with just the tag [wp-…] inside the modal window’s content?
Secondly how can we customize the icons and the text inside the thank you page? Need to do that for a different language. Thanks!

Hi, thanks for the plugin.
While testing I notice that in the receipt email to the donor, there is a Reply-To that shouldn’t be there:
Reply-To: [email protected]

Although the “Disable Admin Email” is NOT checked, we are not receiving an email following a donation.

Hi!
After the recent update of your add-on, the images on our website are only visible in theme customizer mode; after publication the images are invisible. After I disabled the add-on, all is fine.
Hi!
Some hackers got access to the private API key of Stripe and repaid all the donations to the sender. The private API key stays unencrypted within the plugin. What a mess! Is this problem solved?
My “Amount” section of the form has extra “>” characters in it. No matter how many entries are on the form (even if there are no amount entries), I still have it.
See here, for example: https://imgur.com/x64GACT

I’m using another plugin to capture room bookings with a Stripe payment portal.
I keep seeing the error ‘stripe.js was loaded twice’, which I’m assuming is because this plugin and the other are trying to load the JS file on all pages.
Is there a way to limit what page loads the JS file – like if it can only load on the one specific page that I have a donation form on?
Thanks

Is there a way to customise the emails that people receive? We are a church and use the word offering instead of donation and I can’t figure out where the email templates come from.
Thank you

You can see in the console that Stripe is being loaded from the beginning and not on the page that contains the element.

Hello!
I just installed the plugin, really easy to install; however, the layout is a bit wonky (see link). There is way too much space between all the options. How do I solve this?
Thank you!
~Tess
I’m curious if there’s a way to list donation data such as the donators’ usernames and amounts on the frontend.

Hi there, we are trying to remove or customise the donation amount options… any suggestion on how we can do it?
Alternatively, is something you can consider in your next release?
Thanks

Hi everyone,
I implemented the WP Stripe Donation plugin on my WordPress website. After someone made a donation, I can successfully see the donation on my Stripe dashboard, but the donor email doesn’t seem to be passed correctly from the donation form to my Stripe account. So none of the donors receive an email receipt after their donation, even though the option is activated on Stripe.
Any help out there?
Thanks!
Sandra
Issue in dot payments like “125.25”
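The 10,000 yen receipt reported above and the “125.25” complaint both come down to how the amount is turned into what Stripe expects: an integer in the currency's smallest unit, where zero-decimal currencies such as JPY have no fractional unit at all (100 yen sent as 100 × 100 becomes 10,000 yen). An added example of a server-side conversion that handles both cases, not the plugin's own code; the function and constant names are assumptions.

```php
<?php
// Added example, not the plugin's own code. Converts the decimal string the
// donation form posts (e.g. "125.25") into the integer Stripe expects in the
// currency's smallest unit, and leaves zero-decimal currencies alone so that
// 100 JPY is sent as 100 rather than 10000.

// Zero-decimal currencies as listed in Stripe's currency documentation.
const WPSD_ZERO_DECIMAL = array(
    'BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA',
    'PYG', 'RWF', 'UGX', 'VND', 'VUV', 'XAF', 'XOF', 'XPF',
);

/**
 * @param  string $amount   Decimal amount as posted by the form, e.g. "125.25".
 * @param  string $currency ISO code, any case, e.g. "usd" or "JPY".
 * @return int|false        Minor-unit amount, or false when the input is not acceptable.
 */
function wpsd_amount_to_minor_units( $amount, $currency ) {
    $amount   = trim( (string) $amount );
    $currency = strtoupper( trim( (string) $currency ) );

    // Same shape the front-end enforces: digits with at most two decimals.
    if ( ! preg_match( '/^\d+(\.\d{1,2})?$/', $amount ) ) {
        return false;
    }

    if ( in_array( $currency, WPSD_ZERO_DECIMAL, true ) ) {
        // No fractional unit exists, so "100.50" JPY is not a valid amount.
        if ( false !== strpos( $amount, '.' ) ) {
            return false;
        }
        $minor = (int) $amount;
    } else {
        // Work on the string rather than floats: (float) "4.35" * 100 is
        // 434.99999999999994 in IEEE double and would truncate to 434.
        $parts = explode( '.', $amount, 2 );
        $cents = isset( $parts[1] ) ? str_pad( $parts[1], 2, '0' ) : '00';
        $minor = (int) ( $parts[0] . $cents );
    }

    // Stripe rejects zero and negative amounts, so treat them as invalid input.
    return $minor > 0 ? $minor : false;
}
```

The same function belongs in the server-side handler that creates the PaymentIntent, since the client-side regex in the posted script can be bypassed by anyone posting to admin-ajax.php directly.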

Hi
Great plugin, only one thing: when I went to test it, it shows a red error ” Please enter donate for”. The only thing I see is the title change. Where do I add these?

Thank you for using WordPress Stripe Donation.
If you are looking for support, you can initiate a live here.
You can join our Facebook Page to discuss and share your feedback.
This support forum is for community only, we might not be able to answer quickly as we do not monitor regularly.

There are black dots over the radio options for dollar amount.

Just got a warning message and checked the code; it looks like you have left the Stripe secret keys publicly exposed via an AJAX call. This is very sensitive, as people can use these keys to make unauthorized API requests.
You have a JS variable called wpsdAdminScriptObj and are saving the API keys to the front end. Not good at all.
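The object named in this post, wpsdAdminScriptObj, is what the plugin's front-end script reads its publishable key and AJAX settings from. An added example, not the plugin's own code, of a check that refuses to localize anything shaped like a Stripe secret, restricted or webhook-signing key into such an object, together with a localize call that ships only what the browser needs. The script handle, option names and wrapper function names are assumptions.

```php
<?php
// Added example, not part of the WP Stripe Donation plugin. Only the
// publishable key (pk_...) belongs in the browser; a secret (sk_...),
// restricted (rk_...) or webhook (whsec_...) key placed in a localized
// script object is readable by anyone who views the page source.

// Returns the names of entries whose value looks like a Stripe secret.
function wpsd_find_secret_keys( array $localized ) {
    $found = array();
    foreach ( $localized as $name => $value ) {
        if ( is_string( $value )
            && preg_match( '/^(sk_(live|test)|rk_(live|test)|whsec)_[A-Za-z0-9]+$/', $value ) ) {
            $found[] = $name;
        }
    }
    return $found;
}

// Drop-in replacement for wp_localize_script() that strips and logs such
// entries instead of exposing them. Logs the entry name only, never the value.
function wpsd_safe_localize( $handle, $object_name, array $data ) {
    foreach ( wpsd_find_secret_keys( $data ) as $name ) {
        error_log( sprintf( 'wpsd: refused to expose "%s" to the browser via %s', $name, $object_name ) );
        unset( $data[ $name ] );
    }
    return wp_localize_script( $handle, $object_name, $data );
}

// Usage; 'wpsd-front' and the option names are assumed, the object name and
// its 'ajaxurl', 'stripePKey' and 'security' entries come from the front-end script.
add_action( 'wp_enqueue_scripts', function () {
    wpsd_safe_localize( 'wpsd-front', 'wpsdAdminScriptObj', array(
        'ajaxurl'    => admin_url( 'admin-ajax.php' ),
        'stripePKey' => get_option( 'wpsd_stripe_publishable_key' ),
        'security'   => wp_create_nonce( 'wpsd_donation' ),
    ) );
}, 20 );
```

The secret key itself should be read from a constant defined in wp-config.php (outside the web root where possible) inside the server-side AJAX handler, and rotated in the Stripe dashboard if it has ever appeared in page source.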