• Resolved JamesKoussertari

    (@jameskoussertari)


    Hi,

    I seem to have two payment forms on my website for some reason. The only payment methods enabled on my site are:

    Credit Cards (Stripe) by Payment Plugins
    Apple Pay (Stripe) by Payment Plugins

    See screenshot below of how it appears on the checkout page…

    https://ibb.co/VcLK39yw

    The two opening divs for each form are below…

    <div class="payment_box payment_method_stripe_cc wc-stripe-no-methods" style="">
    <div class="s_div1">

    When I disable the Apple Pay option, only the grey payment form remains. So I’m guessing it is something to do with Apple Pay.

    Any idea what is causing this?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Payment Plugins

    (@mrclayton)

    Hi @jameskoussertari

    The HTML <div class="s_div1"> is not from this Stripe plugin.

    Based on the screenshot you shared, it looks to me like you have a malicious script that’s rendering a “fake” card form so customers enter their card details directly on the site.

    If you can share a product page link to your site I can perform a closer analysis. If you want to keep your site link private, you can create a support ticket via the Stripe plugin’s help widget.

    Kind Regards

    Thread Starter JamesKoussertari

    (@jameskoussertari)

    I had a suspicion it might be malicious but was hoping it wasn’t.

    Turns out the hacker had gained access via an old admin account and added WP Code Lite plugin to hide a malicious script.

    The script hijacked the genuine card form and added a duplicate form which steals card details.

    I’d urge anyone using these types of plugins to check all their snippets and add 2FA on all admin accounts to prevent unauthorised access.

    Are there any security measures Payment Plugins can put in place to prevent such a situation for others in future? If it would benefit Payment Plugins to see the malicious code, I’m happy to share it.

    Thanks

    Plugin Author Payment Plugins

    (@mrclayton)

    Hi @jameskoussertari

    > Are there any security measures Payment Plugins can put in place to prevent such a situation for others in future?

    That can be difficult with open source projects since bad actors can look at the code and find workarounds for security measures.

    It would be beneficial to see the malicious code. You can share that privately if you like via the support widget in the plugin settings.

    Kind Regards
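
A defender-side check for the situation in this thread, as an added example that is not from the thread or from the Stripe plugin: it scans the rendered checkout DOM (saved from the browser's developer tools, since an injected form is built by script at runtime) for raw card-entry inputs and reports the classes of their ancestors. It assumes the genuine gateway renders its card fields inside Stripe-hosted iframes, so such inputs in the page's own HTML are unexpected; the sample markup, the input names and the hint list are constructed.

```python
from html.parser import HTMLParser
# Substrings suggesting an <input> collects card data (constructed hint list).
CARD_HINTS = ("cc-number", "cc-exp", "cc-csc", "cardnumber", "card number", "cvc", "cvv")
ATTRS = ("name", "id", "autocomplete", "placeholder")  # attributes searched for hints
VOID = {"input", "br", "img", "hr", "meta", "link"}    # tags with no closing tag

class CardInputFinder(HTMLParser):
    """Records raw card-data inputs and the classes of their ancestors."""
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []  # open (tag, class) pairs; results

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "text").lower() != "hidden":
            text = " ".join(a.get(k, "") for k in ATTRS).lower()
            if any(h in text for h in CARD_HINTS):
                self.findings.append({
                    "input": a.get("name") or a.get("id") or "(unnamed)",
                    "ancestors": [cls for _, cls in self.stack if cls]})
        if tag not in VOID:
            self.stack.append((tag, a.get("class", "")))

    def handle_endtag(self, tag):
        # Pop back to the nearest matching open tag; ignore stray closers.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_raw_card_inputs(html):
    finder = CardInputFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: genuine box holds only an iframe; "s_div1" holds raw inputs.
SAMPLE = """
<li class="wc_payment_method payment_method_stripe_cc">
  <div class="payment_box payment_method_stripe_cc"><iframe></iframe></div>
  <div class="s_div1">
    <input type="text" name="cardnumber" placeholder="Card number">
    <input type="text" name="expiry" autocomplete="cc-exp">
    <input type="text" name="cvc">
  </div>
</li>
"""

if __name__ == "__main__":
    for f in find_raw_card_inputs(SAMPLE):
        print(f["input"], "inside", f["ancestors"])
```

Any finding whose ancestors do not include the gateway's own `payment_box` container is a reason to review installed snippets and admin accounts, as the thread starter did.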
