Urgent Security Concern: Exposed Stripe Key on Website

  • Resolved jagdishjuit

    (@jagdishjuit)


    7 months ago

    Dear Paymatiic Support Team,

    I hope this message finds you well. I am writing to urgently address a critical security concern regarding my website, specifically the page at [https://www.alfcoretraining.net/in-person-12-hr-continuing-education/](https://www.alfcoretraining.net/in-person-12-hr-continuing-education/).

    I recently received a notification from Stripe alerting me that my Stripe API key is publicly exposed on the aforementioned page. Upon inspecting the source code of the page, I discovered that the Paymatiic JavaScript file is inadvertently exposing this key. This exposure has already had serious repercussions, as evidenced by an attempt to exploit this vulnerability, resulting in approximately 1000 unauthorized $1 transactions.

    This is a significant security lapse, and I need your immediate assistance to resolve this issue. It is imperative that we address this exposure as quickly as possible to prevent further unauthorized access and potential financial losses.

    Please advise on the steps you are taking to rectify this situation and ensure such exposures do not occur in the future. I am available for a call or further correspondence to expedite this resolution.

    Thank you for your prompt attention to this critical matter. I look forward to your immediate response.

    Best regards,

    JAGDISH SHARMA

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support Nayan Das

    (@hellonayan)

    Hello JAGDISH,

    Thank you very much for bringing this issue to our attention. I am happy to let you know that we have already resolved it and released an update that includes the fix. Please make sure to update the plugin, and hopefully, you won’t encounter this issue again.

    Thanks again!

Viewing 1 replies (of 1 total)
  • The topic ‘Urgent Security Concern: Exposed Stripe Key on Website’ is closed to new replies.