Why is Razorpay plugin tampering with REST API authentication?
Why is Razorpay plugin bypassing REST API authentication altogether in the file includes/api/api.php line number 284?
Link to source: https://plugins.trac.www.ads-software.com/browser/woo-razorpay/trunk/includes/api/api.php#L284
In the same file, line number 279, the return value has to be an integer. Why do you have to do that to bypass the wp_verify_nonce check? That’s placed there for a reason.
Link to source: https://plugins.trac.www.ads-software.com/browser/woo-razorpay/trunk/includes/api/api.php#L279
This is completely unethical from a security point of view. Your development team is using “hacks” to get around the issues they face in the plugin, which is making a lot of websites vulnerable and also destroying the brand reputation of Razorpay.
Kindly fix it or I’ll have to escalate it to the WordPress Plugin Security team.