wc-api Vulnerabilities

  • Resolved naresh11381

    (@naresh11381)


    5 years, 2 months ago

    Scammers are targeting one of my sites WooCoomerce sites wc-api via Stripe. I’m getting thousands of requests via ?wc-api=wc_stripe. They’re checking credit cards which are being logged in stripe. I have put the site into maintenance mode but they’re still able to check cards and create logs/responses in stripe. I’m at a loss as to how I can protect the wc-api=wc_stripe endpoints from this abuse, putting the site into maintenance and activating Cloudflares “I’m under attack” security doesn’t slow it down. Any direction/help would be appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Rob C.

    (@robertocyrino)

    5 years, 2 months ago

    Hi there,

    Please contact us at WooCommerce.com > My Account > Support. You may need to create an account before you can access that page.

    Please include your system report (WooCommerce > Status > Get system report), as well as a link to this forum thread, so that we can keep track of what’s already been done.

    We will be able to help you further there.

    Thank you,

    Missy a11n

    (@m155y5)

    Automattic Happiness Engineer

    5 years, 2 months ago

    We haven’t heard back from you in a while, so I’m going to go ahead and mark this thread as resolved. If you have any other questions please feel free to start a new thread.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘wc-api Vulnerabilities’ is closed to new replies.