[NSFW] URGENT: Security Flaw in Payment Page – Transaction Reference Number Exploited

  • Resolved Test Developer

    (@test-developer)


    2 months ago

    Hello Team,

    I hope this email finds you well. I am writing to report a critical security issue that I have encountered with your plugin. It appears that my website’s payment page has been compromised, and a hacker has exploited a vulnerability related to the transaction reference number.

    Specifically, the hacker has been able to use the same transaction reference number from a previous successful payment to create a new fraudulent order by simply opening a URL. This has resulted in unauthorized payments being processed on my website.

    I strongly recommend a thorough review of the plugin’s code, especially in relation to how transaction reference numbers are handled. It is essential to increase security measures to prevent this type of exploit, as it poses a significant risk to both my business and customers.

    Could you kindly prioritize this issue and provide any guidance on steps I should take to mitigate the situation while awaiting a fix?

    Your prompt attention to this matter would be greatly appreciated.

    Thank you for your support, and I look forward to your quick response.

    Best regards,
    Dinesh kumar

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Trust Payments

    (@trustpayments)

    Hi Dinesh kumar,
    Thank you for your valuable feedback. To address your concern effectively, we kindly request that you contact our support team directly at [email protected] with the following information:
    1. Your site reference
    2. WooCommerce version
    3. PHP version
    4. Trust Payments plugin version


    Please reference this topic in your email to ensure prompt assistance.


    For future inquiries, support requests, or comments, we recommend contacting our support team directly at [email protected]. This allows us to provide you with formal and timely responses.
    We appreciate your cooperation and look forward to resolving your issue.
    Kind regards,
    Trust Payments

    Plugin Author Trust Payments

    (@trustpayments)

    Hi Dinesh kumar,

    I wanted to follow up on the ticket we created in response to your recent inquiry.

    To summarise, we received your email and created a ticket, we sent you a response requesting additional information and we are currently awaiting your reply to proceed further.
    At this time, we’re unable to take any action until we receive your response. If you have any questions or need clarification on what information we require, please don’t hesitate to reach out.

    For reference, this thread will be marked as resolved. However, your ticket remains open and active in our system. Once we receive your reply, we’ll promptly resume work on your case.

    For future inquiries, support requests, or comments, we recommend contacting our support team directly at?[email protected]. This allows us to provide you with formal and timely responses.
    We appreciate your cooperation and look forward to resolving your issue.
    Kind regards,
    Trust Payments

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.