Unencrypted personal data in script

  • Resolved Graami

    (@graami)


    3 years ago

    Hi,

    We just discovered that the plugin is adding unencrypted person data to the page code. In this format:

    <!-- WooCommerce Facebook Integration Begin -->
			<script  type="text/javascript">

				fbq('init', '123451234512345', {
    "em": “myname@mycompany.co.uk",
    "fn": “myfirstname”,
    "ln": "mysurname”,
    "external_id": "1",
    "ct": “mytown”,
    "zp": “mypostcode”,
    "ph": “01234567890”,
    "cn": "gb"
}

    Any idea where the data is being pulled from and how can we stop it from happening or encrypt it? Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Igor H

    (@ihereira)

    3 years ago

    Hello,

    Can you describe the steps/actions made on your site in order to see the data that is above?

    Can you please enable logging, repeat the steps to replicate the issue, and then share the log for us to take a look? To do so, please follow the following steps:

    • Head to Marketing > Facebook.
    • Enable debug mode at the bottom of the screen and save the settings.
    • Repeat the steps to replicate the error.
    • Head to WooCommerce > Status > Logs.
    • Choose the Facebook log from the dropdown and click the “View” button to display the log. Please note that the log may be in UTC/GMT time, so it may be offset by a few hours.
    • You can also paste the logs (In text format) directly in your reply.

    Thanks.

    Thread Starter Graami

    (@graami)

    3 years ago

    Hi,

    Thanks for the swift reply. The code was found when viewing the source code for the page (https://carolewaller.co.uk). I don’t know if this is a recent development or not, we were troubleshooting another issue.

    Here is the log data:

    03-22-2023 @ 12:10:22 - Request
    method: GET
    uri: https://graph.facebook.com/v14.0/176026349981725?fields=name
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body:
    duration: 0.14773s

03-22-2023 @ 12:10:22 - Response
    code: 200
    message: OK
    body: {"name":"Products for Carole Waller - Art to Wear (618011641542405)","id":"176026349981725"}

03-22-2023 @ 12:18:21 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487501,"event_id":"4082ccf7-e7ec-4c30-8e44-8f59420beb19","event_source_url":"https:\/\/carolewaller.co.uk\/product-category\/clothes\/jackets\/","custom_data":{"content_name":"Jackets","content_category":"Jackets","content_ids":"[\"CW111.21_23634\",\"CW93_21175\",\"CW46.5_20604\",\"CW45.7_20594\",\"CW5.81_13657\"]","content_type":"product","contents":[{"id":"CW111.21_23634","quantity":1},{"id":"CW93_21175","quantity":1},{"id":"CW46.5_20604","quantity":1},{"id":"CW45.7_20594","quantity":1},{"id":"CW5.81_13657","quantity":1}]},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"WP Rocket\/Preload","fbc":"","fbp":""},"event_name":"ViewCategory"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.18857s

03-22-2023 @ 12:18:21 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"AnIQDHNPyZKgvvQUhSrcbFt"}

03-22-2023 @ 12:18:22 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487502,"event_id":"1a466fa4-73d2-466c-8ea7-6c351969c9ef","event_source_url":"https:\/\/carolewaller.co.uk\/product-category\/clothes\/jackets\/","custom_data":{"content_name":"Jackets","content_category":"Jackets","content_ids":"[\"CW111.21_23634\",\"CW93_21175\",\"CW46.5_20604\",\"CW45.7_20594\",\"CW5.81_13657\"]","content_type":"product","contents":[{"id":"CW111.21_23634","quantity":1},{"id":"CW93_21175","quantity":1},{"id":"CW46.5_20604","quantity":1},{"id":"CW45.7_20594","quantity":1},{"id":"CW5.81_13657","quantity":1}]},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"Mozilla\/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit\/601.1.46 (KHTML, like Gecko) Version\/9.0 Mobile\/13B143 Safari\/601.1","fbc":"","fbp":""},"event_name":"ViewCategory"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.15532s

03-22-2023 @ 12:18:22 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"AHeRvzxLsKYZjmKAzhABKQj"}

03-22-2023 @ 12:18:35 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487514,"event_id":"83e30577-8233-4303-9910-4250c3dc005c","event_source_url":"https:\/\/carolewaller.co.uk\/product\/offcut-handpainted-bamboo-jersey-cardigan\/","custom_data":{"content_name":"'Offcut' handpainted bamboo jersey cardigan Carole Waller","content_ids":"[\"ss23\\/26_24855\"]","content_type":"product","contents":"[{\"id\":\"ss23\\/26_24855\",\"quantity\":1}]","content_category":"Silk Shirts","value":"295","currency":"GBP"},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"WP Rocket\/Preload","fbc":"","fbp":""},"event_name":"ViewContent"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.20432s

03-22-2023 @ 12:18:35 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"Ala8qzYEuLYP4nxFWXNSE6p"}

03-22-2023 @ 12:18:36 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487516,"event_id":"1df72106-61dd-4c47-a8b6-d4ec7d55078b","event_source_url":"https:\/\/carolewaller.co.uk\/product\/offcut-handpainted-bamboo-jersey-cardigan\/","custom_data":{"content_name":"'Offcut' handpainted bamboo jersey cardigan Carole Waller","content_ids":"[\"ss23\\/26_24855\"]","content_type":"product","contents":"[{\"id\":\"ss23\\/26_24855\",\"quantity\":1}]","content_category":"Silk Shirts","value":"295","currency":"GBP"},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"Mozilla\/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit\/601.1.46 (KHTML, like Gecko) Version\/9.0 Mobile\/13B143 Safari\/601.1","fbc":"","fbp":""},"event_name":"ViewContent"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.15477s

03-22-2023 @ 12:18:36 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"AQWB-YJzs5BRF4lKTswvA1j"}

03-22-2023 @ 12:18:38 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487517,"event_id":"3a0140be-0853-46a3-aeb2-d1dd20338b96","event_source_url":"https:\/\/carolewaller.co.uk\/product\/handpainted-organic-cotton-drill-loose-jacket\/","custom_data":{"content_name":"'Offcut' handpainted organic cotton drill loose jacket Carole Waller","content_ids":"[\"ss23\\/24_24863\"]","content_type":"product","contents":"[{\"id\":\"ss23\\/24_24863\",\"quantity\":1}]","content_category":"Jackets","value":"495","currency":"GBP"},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"WP Rocket\/Preload","fbc":"","fbp":""},"event_name":"ViewContent"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.15584s

03-22-2023 @ 12:18:38 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"AUgEa66E_6g75EdvyyEcGqI"}

03-22-2023 @ 12:18:39 - Request
    method: POST
    uri: https://graph.facebook.com/v14.0/398852878174810/events
    user-agent: Facebook-for-WooCommerce/3.0.16 (WooCommerce/7.5.0; WordPress/6.1.1)
    body: {"data":[{"action_source":"website","event_time":1679487519,"event_id":"d9470f87-86e1-4763-a2d7-bc8f6185eb0e","event_source_url":"https:\/\/carolewaller.co.uk\/product\/handpainted-organic-cotton-drill-loose-jacket\/","custom_data":{"content_name":"'Offcut' handpainted organic cotton drill loose jacket Carole Waller","content_ids":"[\"ss23\\/24_24863\"]","content_type":"product","contents":"[{\"id\":\"ss23\\/24_24863\",\"quantity\":1}]","content_category":"Jackets","value":"495","currency":"GBP"},"user_data":{"client_ip_address":"185.229.22.179","client_user_agent":"Mozilla\/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit\/601.1.46 (KHTML, like Gecko) Version\/9.0 Mobile\/13B143 Safari\/601.1","fbc":"","fbp":""},"event_name":"ViewContent"}],"partner_agent":"woocommerce-7.5.0-3.0.16"}
    duration: 0.16128s

03-22-2023 @ 12:18:39 - Response
    code: 200
    message: OK
    body: {"events_received":1,"messages":[],"fbtrace_id":"AYbCrSyt0lqi4OeAYnOznoX"}

    Saif

    (@babylon1999)

    3 years ago

    Hello @graami,

    Thanks for sharing the logs! Unfortunately, I’m having trouble locating what you’re describing on my test site.


    Link to image: https://d.pr/i/dNr2Y7

    Seems like we’ll need to take a closer look. Could you please open a ticket about this from WooCommerce.com > MY profile > Support?

    Make sure to include a link to this thread so we know what has been done already.

    Cheers!

    Thread Starter Graami

    (@graami)

    3 years ago

    I think I may have just found part of the answer. The data only appears in the code when I am logged in, then it shows my info. When not logged in the only this is displayed: 

    		<!-- WooCommerce Facebook Integration Begin -->
			<script type="rocketlazyloadscript" data-rocket-type="text/javascript">

				fbq('init', '398852878174810', {}, {
    "agent": "woocommerce-7.5.0-3.0.16"
});

				fbq( 'track', 'PageView', {
    "source": "woocommerce",
    "version": "7.5.0",
    "pluginVersion": "3.0.16"
} );

				document.addEventListener( 'DOMContentLoaded', function() {
					jQuery && jQuery( function( $ ) {
						// Insert placeholder for events injected when a product is added to the cart through AJAX.
						$( document.body ).append( '<div class=\"wc-facebook-pixel-event-placeholder\"></div>' );
					} );
				}, false );

			</script>

    So that seems okay. For data it would be good to understand what happens there though for that to display. But look as if it’s not the problem I thought at first.

    Roxy

    (@roxannestoltz)

    3 years ago

    Hi @graami ,

    Thanks for providing an update!

    I can confirm that I am unable to see this on my end when viewing your sites source code:

    I will go ahead and mark this as resolved then, however feel free to create a new topic if you need any further help 🙂

    Cheers!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Unencrypted personal data in script’ is closed to new replies.

  • 5 replies
  • 4 participants
  • Last reply from: Roxy
  • Last activity: 3 years ago
  • Status: resolved