Forum Replies Created

Viewing 1 replies (of 1 total)
  • Thread Starter andrew0115

    (@andrew0115)

    Hi
    Thank you for your reply. I have found a solution to the problem and managed to get the button created from PayPal onto the site, using the advanced variables code created, and hopefully this will stop this happening again. I will give you the information requested as you may want to look into it.

    This was the reply I received from PayPal:

    Hi Andrew,

    Apologies for the delayed response. On going through your website, I found that you are using an unsecured PayPal HTML button to receive Subscription payment, and this has a drawback wherein you change the amount in the source code & pass the same to PayPal. Using this vulnerability, the buyer had changed the subscription amount to £1.99 and made a successful transaction to your PP account.

    Due to this vulnerability we do not recommend unsecured PP button to our partners. It is always recommended to use secured Button codes, which ensures backward compatibility and protection from Fraudulent transaction.

    So I too recommend you to switch to Secured HTML Button code to prevent such kind of fraudulent transactions in future.

    The WordPress version I am using is 5.3.2
    Yes, all the plugins and themes are up to date.
    I do not know the server specs.
    The security is just whatever I have with WordPress.

    This is what the email that I get from PayPal should look like. I have taken the names off etc.

    Customer name:
    Customer email:
    Automatic payment ID: I-HY9FK6VYH734
    For: BFP Academy & Updates
    Automatic payment details

    Amount paid each time: £24.99 GBP
    Billing cycle: Monthly
    Payments start: 24 Mar 2020
    Next payment due: 24 Mar 2020
    Trial Period

    Trial period amount: £149.99 GBP
    Billing cycle: 3 Months
    Start date: 24 Dec 2019
    End date: 24 Mar 2020

    However, this is what they changed it to, which triggered the complete registration email and allowed them to get access to the site:

    Customer name:
    Customer email:
    Automatic payment ID: I-5DW70BB775RL
    For: BFP Academy & Updates
    Automatic payment details

    Amount paid each time: £1.99 GBP
    Billing cycle: Monthly
    Payments start: 15 Feb 2020
    Next payment due: 15 Feb 2020
    Trial Period

    Trial period amount: £0.00 GBP
    Billing cycle: 3 Months
    Start date: 15 Nov 2019
    End date: 15 Feb 2020

    Anyway, I think I have found a solution, as I did change it to the PayPal button but it was not registering members after completion, but I have now put the advanced variables code in, so it should be all OK now. Thanks for your time.

    Andrew
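
Added example, not part of the original post or of any plugin's code: a server-side check that compares the plan terms in a subscription signup notification with the terms the site actually sells before registration is completed, so a changed button amount like the £1.99 case above does not grant access. It assumes the site receives PayPal's signup notification using PayPal's IPN field names (`txn_type`, `mc_amount1`, `period1`, `mc_amount3`, `period3`, `mc_currency`) and has already confirmed the message came from PayPal; the function names and sample messages are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Plan terms taken from the legitimate PayPal email quoted in the post.
EXPECTED_PLAN = {
    "item_name": "BFP Academy & Updates",
    "mc_currency": "GBP",
    "mc_amount1": Decimal("149.99"),  # trial period amount
    "period1": "3 M",                 # trial billing cycle: 3 months
    "mc_amount3": Decimal("24.99"),   # amount paid each time
    "period3": "1 M",                 # regular billing cycle: monthly
}


def plan_mismatches(notification, expected=EXPECTED_PLAN):
    """Return the fields in a signup notification that differ from the plan."""
    if notification.get("txn_type") != "subscr_signup":
        return ["txn_type"]
    bad = []
    for field, want in expected.items():
        got = notification.get(field)
        if isinstance(want, Decimal):
            try:
                got = Decimal(got)
            except (InvalidOperation, TypeError, ValueError):
                got = None  # missing or non-numeric amount never matches
        if got != want:
            bad.append(field)
    return bad


def may_register(notification):
    """Complete registration only when every plan term matches."""
    return not plan_mismatches(notification)


# Constructed sample notifications mirroring the two emails in the post.
GENUINE = {"txn_type": "subscr_signup", "item_name": "BFP Academy & Updates",
           "mc_currency": "GBP", "mc_amount1": "149.99", "period1": "3 M",
           "mc_amount3": "24.99", "period3": "1 M"}
TAMPERED = dict(GENUINE, mc_amount1="0.00", mc_amount3="1.99")

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(name, may_register(msg), plan_mismatches(msg))
```

Logging the mismatched fields alongside the subscription ID gives the site owner a record of rejected signups to review.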
