Is this plugin secure?

  • Resolved rfair404

    (@rfair404)


    10 years, 3 months ago

    I recently attempted to use this plugin on a site I wanted to accept donations on but didn’t want to do a lot of work to make it happen. I added the latest version of gravityforms and your plugin and set it up 100% according to the install instructions.

    However nothing seems to be transmitting to stripe. I checked the logs and there is nothing in the stripe token log.

    Upon further inspection of the final form (with the credit card fields) it appears that the form contains input fields (for credit card, expiration etc) that have the name attribute, which means that the credit card data is actually being sent to my server. I know this is the case because the confirmation email has the credit card (last 4 digits).

    If that is the case, the statements about “[not needing to deal with] PCI compliance” and “make sure sensitive card information never hits your server” are not entirely accurate.

    Is it just me, am I missing something? did a recent update fix (or break) this?

    https://www.ads-software.com/plugins/gravity-forms-stripe/

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is this plugin secure?’ is closed to new replies.