Support » Plugin: PayPal Donation » Paypal Plug In Issue

  • Resolved tusker81

    (@tusker81)


    I have installed the PayPal plug in to allow donations on our website
    All seems to work OK but I am getting the following message when a donation is made

    Hopefully this is just an an admin issue but is there some way of turning off this notification or similar to prevent this happening

    Thanks

    This email was sent from your website by the Wordfence plugin.

    Wordfence found the following new issues on ……

    Alert generated at Friday 23rd of October 2020 at 08:22:01 AM

    See the details of these scan results on your site at: https://.com/wp-admin/admin.php?page=WordfenceScan

    High Severity Problems:

    * Unknown file in WordPress core: wp-admin/LOG_FILE

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Scott Paterson

    (@scottpaterson)

    Sorry you are having problems:

    How do you know the message “Unknown file in WordPress core: wp-admin/LOG_FILE” is related to this plugin?

    Thanks,
    Scott

    Hi Scott,
    I only registered to write for the same problem.
    My site has no other paypal plugin and I received the same alert from Wordfence.
    By viewing the file (even without logging in) you can get the emails, the session cookie and transaction id of the donations made.
    If you need a PoC I can try to see if the file reappears by making a new donation
    I remain at your disposal

    And obv thank’s for you work.

    Ok, I just tried and here’s proof https://anonymousfiles.io/XZUtoCvt/
    I delete the cookies and the sensitive informations, I’m going to disable the plugin until it’s fixed.

    • This reply was modified 2 months, 2 weeks ago by sivab63691.
    • This reply was modified 2 months, 2 weeks ago by sivab63691.
    • This reply was modified 2 months, 2 weeks ago by sivab63691.
    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Plugin Review Team Rep

    You are correct, the cause is this plugin. However it only happens if you have DEBUG set to true:

    
    		if(DEBUG == true) {
    			error_log(date('[Y-m-d H:i e] '). "Verified IPN: $req ". PHP_EOL, 3, LOG_FILE);
    		}
    

    This is not a vulnerability. Turn off DEBUG in production.

    Thanks for this
    I am not a tech person – is there an idiots guide showing how to turn this off

    Thanks again Eric

    Plugin Author Scott Paterson

    (@scottpaterson)

    I saw the update, thank’s for the fix Scott.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.