Support » Plugin: WordPress Stripe Donation and Payment Plugin » Warning! Hacker got access to the private Api Key of Stripe

  • Resolved freemono99212

    (@freemono99212)


    Hi!
    Some hackers got access to the privat API Key of Stripe and repaid all the donations to the sender. The private api key stays unencrypted within the plugin. What a mess! Is this problem solved?

    • This topic was modified 11 months, 1 week ago by freemono99212.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter freemono99212

    (@freemono99212)

    The Problem is not solved the Secret API Key is protected only with Base64 an got exposed on our site!

    Here have a look!

    https://i.imgur.com/2zmUbvj.jpeg

    Plugin Author Hossni Mubarak

    (@mhmrajib)

    Hello @freemono99212

    I really don’t know about your problem!
    At first you said the private key in unencrypted and again you are saying it is only with base64 encrypted. So what’s right here?

    We just followed Stripe documentation and they have found nothing wrong about the encryption.

    I saw you analyze my code which is a good thing. If you have any advice regarding this issue I would like to take it positively.

    Please feel free to contact with our website live chat.

    Thank you.

    Plugin Author Hossni Mubarak

    (@mhmrajib)

    Hello @freemono99212

    We have applied some security patch and the secret key is not exposed anymore.
    FYI, publishable key is allowed to be exposed as it is named publishable.

    So please update the plugin with the latest version 2.2

    Thanks for identifying the issue.

    Hope it is safe now.

    If you still have further query feel free to knock our live chat.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Warning! Hacker got access to the private Api Key of Stripe’ is closed to new replies.