Title: Ideal Postcodes's Replies | WordPress.org

---

# Ideal Postcodes

  [  ](https://wordpress.org/support/users/idealpostcodes/)

 *   [Profile](https://wordpress.org/support/users/idealpostcodes/)
 *   [Topics Started](https://wordpress.org/support/users/idealpostcodes/topics/)
 *   [Replies Created](https://wordpress.org/support/users/idealpostcodes/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/idealpostcodes/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/idealpostcodes/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/idealpostcodes/engagements/)
 *   [Favorites](https://wordpress.org/support/users/idealpostcodes/favorites/)

 Search replies:

## Forum Replies Created

Viewing 8 replies - 1 through 8 (of 8 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Fix Country field](https://wordpress.org/support/topic/fix-country-field/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [1 month, 2 weeks ago](https://wordpress.org/support/topic/fix-country-field/#post-18888549)
 * Hi there
 * I’m afraid we aren’t able to get to the bottom of it using the stock woocommerce
   configuration and some others we keep in our test suite
 * Would you mind sending an email to [support@ideal-postcodes.co.uk](https://wordpress.org/support/users/idealpostcodes/replies/support@ideal-postcodes.co.uk?output_format=md)–
   we think there might be a customisation of the checkout interfering with your
   plugin. So we’d like to see the checkout itself if possible. That way we can 
   either update our plugin or provide a code snippet for yours to get it working
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Fix Country field](https://wordpress.org/support/topic/fix-country-field/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [1 month, 2 weeks ago](https://wordpress.org/support/topic/fix-country-field/#post-18886485)
 * Hi Avinash
 * Thanks for this request. Would you mind sharing the version numbers of the plugin,
   WordPress and WooCommerce you’re on?
 * Feel free to copy this query into [support@ideal-postcodes.co.uk](https://wordpress.org/support/users/idealpostcodes/replies/support@ideal-postcodes.co.uk?output_format=md)
   if you want to take this private
 * Thanks
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Security Flag](https://wordpress.org/support/topic/security-flag-3/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [6 months, 3 weeks ago](https://wordpress.org/support/topic/security-flag-3/#post-18718141)
 * Hi there
 * We were able to get a hold of PatchStack a couple weeks ago to close this off:
   [https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability](https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Unpatch Security Issue](https://wordpress.org/support/topic/unpatch-security-issue/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [6 months, 3 weeks ago](https://wordpress.org/support/topic/unpatch-security-issue/#post-18718140)
 * Hi there
 * We were able to get a hold of PatchStack a couple weeks ago to close this off:
   [https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability](https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Unpatch Security Issue](https://wordpress.org/support/topic/unpatch-security-issue/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [7 months, 2 weeks ago](https://wordpress.org/support/topic/unpatch-security-issue/#post-18692708)
 * Thanks for your understanding. We’re keeping an overview and timeline to resolution
   here: [https://docs.ideal-postcodes.co.uk/docs/integrations/woocommerce#cve-2025-57923-sensitive-data-exposure-report](https://docs.ideal-postcodes.co.uk/docs/integrations/woocommerce#cve-2025-57923-sensitive-data-exposure-report)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] Unpatch Security Issue](https://wordpress.org/support/topic/unpatch-security-issue/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [7 months, 2 weeks ago](https://wordpress.org/support/topic/unpatch-security-issue/#post-18692568)
 * Hi there
 * We have investigated the Patchstack report (CVE-2025-57923) and can provide immediate
   clarification:
 * The exposed Information is a public-facing API Key and is not a security risk.
 * We’ve clarified what the issue with Patchstack. We discovered the “sensitive 
   data” exposed by the plugin is a public-facing API key used for our address lookup
   service. This key is not a secret credential and does not pose a vulnerability
   to your site.
 * This method of using a publicly viewable key for address lookup is standard practice
   for API usage. Similar services like Google Maps and Mapbox also rely on public
   API keys. These keys serve primarily to identify and meter usage (for billing
   and rate limiting), rather than act as a secret for protecting private data.
 * If this were a real CVE, we would *immediately* ship a fix and notify customers.
   However there is no way to fix this because it is working as designed.
 * Patchstack’s last email to us was sent 6th October 2025, wanting to clarify where
   we documented API keys were public. We responded the same day with documentation
   demonstrating the “sensitive data” was in fact a public-facing API key. We received
   no reply.
 * We have sent 5 emails between then and today (23 October) asking they either 
   correct the CVE or explain why this qualifies as a vulnerability in light of 
   the information we have provided. We have received no replies or even acknowledgement
   of these emails.
 * We will shortly be issuing a patch a breakdown of this CVE and Patchstack’s response
   to date. Given their lack of communication, we have also notified Patchstack’s
   CNA about this issue to resolve the CVE higher up.
    -  This reply was modified 7 months, 2 weeks ago by [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/).
    -  This reply was modified 7 months, 2 weeks ago by [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] I cant add the api key](https://wordpress.org/support/topic/i-cant-add-the-api-key/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [5 years ago](https://wordpress.org/support/topic/i-cant-add-the-api-key/#post-14438794)
 * Hi there
 * If you’re using the Address Finder (Address Autocomplete), you should be able
   to use the Address Finder override field.
 * I suspect this can be done by adding the following to your override:
 *     ```
       {
         onLoaded: function () {
           this.view.input.placeholder = "My Custom Message";
         }
       }
       ```
   
 * Do feel free to drop by chat.ideal-postcodes.co.uk if you need realtime assistance
   on this.
    -  This reply was modified 5 years ago by [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[UK Address Postcode Validation] I cant add the api key](https://wordpress.org/support/topic/i-cant-add-the-api-key/)
 *  Plugin Author [Ideal Postcodes](https://wordpress.org/support/users/idealpostcodes/)
 * (@idealpostcodes)
 * [5 years, 1 month ago](https://wordpress.org/support/topic/i-cant-add-the-api-key/#post-14386934)
 * Hi there
 * Could you drop an email to [support@ideal-postcodes.co.uk](https://wordpress.org/support/users/idealpostcodes/replies/support@ideal-postcodes.co.uk?output_format=md)
   with the version of the plugin you’re using and the version of WooCommerce? A
   screenshot of the issue would be great too
 * Thanks

Viewing 8 replies - 1 through 8 (of 8 total)