Plugin Hack?

  • Resolved roxwhitt

    (@roxwhitt)


    1 year, 2 months ago

    Wondering if this is a hack job? Was using latest plugin version and over the last 3 days Random Woocomerce orders showing paid but the payment is not showing up in Stripe. I am in US and the orders should be paid in USD but on the order it shows Ruppees.

    Items Subtotal:<bdi>$124.95</bdi>Shipping:<bdi>$0.00</bdi>Order Total:<bdi>$124.95</bdi> Stripe Fee:-<bdi>?517.55</bdi> Stripe Payout:<bdi>?9,682.61</bdi>

    Payments are showing as pending in customers bank accounts.

    I tried contacting support thru Chat but that’s not working either. Very frustrated. Please help?

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Shameem R. a11n

    (@shameemreza)

    Hi @roxwhitt

    It sounds like the issue is not necessarily a hack, but rather a potential misconfiguration or a bug. The plugin is designed to process payments in the currency that is set in your WooCommerce settings. If it’s showing payments in Rupees (?), it could be that your store settings have been changed or there might be an issue with the plugin itself.

    Here are a few steps you can take:

    1. Check your WooCommerce settings to ensure that the default currency is set to USD.
    2. Verify your Stripe account settings to ensure they’re set to accept payments in USD.
    3. Try disabling and re-enabling the WooCommerce Stripe Payment Gateway plugin.
    4. If the issue persists, consider updating or reinstalling the plugin.

    If none of these steps resolve the issue, please enable the Stripe debug mode as explained here https://woocommerce.com/document/stripe/#setup-and-configuration (Go to step 11). And please navigate to WooCommerce > System Status > Logs and provide the error messages generated (if any).

    I understand this situation is frustrating and we appreciate your patience as we work to resolve this issue.

    Looking forward to hearing from you.

    Thread Starter roxwhitt

    (@roxwhitt)

    No it was definitely a hack. It was confirmed today. They were able to change the api’s in the plugin to divert the payments to their account. It’s a mess. It happened after I updated to the last version. I did revert back to the previous version but they were already in. Just trying to clean up now. I’m scared to death to update the plugin now. Ya’ll need to be aware that there is a vulnerability in the plugin.

    Plugin Support Saravanan S, a11n

    (@simplysaru)

    Hi @roxwhitt,

    Sorry, to hear about the issues here.

    > I’m scared to death to update the plugin now. Ya’ll need to be aware that there is a vulnerability in the plugin.

    Could you elaborate on this? Are you working with an ethical hacker/security expert to clean up the site and help you with this? Did they point you in the direction of the exact vulnerability in the extension?

    Give the sensitivity of the issue, please contact us from WooCommerce.com > My Account > Support. You may need to create an account before you can access that page. So that we can work with you via email closely.

    Please include a link to this forum thread so that we can keep track of what’s already been done.

    We will be able to help you further there.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Plugin Hack?’ is closed to new replies.