- This topic has 4 replies, 5 voices, and was last updated 11 years, 3 months ago by
.
-
Posts
-
There is this old trick whereby someone tries to modify the prices shown on a webpage by injecting queries into the form but this trick doesn’t work on WP eStore.
WP eStore has post payment verification that checks the amount paid against the correct amount of the product stored in the database. So if someone dynamically changed the price on the webpage then the post payment verification of eStore will catch this and flag the transaction as a scam (no download links will be given to the customer for this payment).
More details on WP eStore’s post payment verification can be found here:
http://www.tipsandtricks-hq.com/ecommerce/wordpress-ecommerce-knowledgebase-523#payment-verification
I am sure the scammer won’t make a noise about it as they know that they were trying to steal, so you get to keep the money they paid too
So in summary, the post payment verification of eStore will fail if anyone tampers with the data and eStore won’t update the database. WP eStore will automatically detect this tampering and send you (the admin) an email when this happens (with some details) so you can investigate this further.
Well, something else happened then. Someone found a security hole in Paypal and told me as much. This is the Google translator version from the French:
A flaw in the paypal payment mode that allows change the price of an order given by altering
brief must change the mode of payment paypal on your site by another as ifthat is not secure. well worth a free pack? : 3 no … okay: pSo, there is a security hole somewhere.
@jgroup — Every few years, like clockwork, this question comes up:
https://support.tipsandtricks-hq.com/forums/topic/security-vulnerability
- You must be logged in to reply to this topic.