WordPress.org

Plugin Reviews

WordPress Simple Paypal Shopping Cart

Very easy to use Simple WordPress Paypal Shopping Cart Plugin. Great for selling products online in one click from your WordPress site.

107 reviews
Average Rating
4.6 out of 5 stars
Love it!
By , for WP 4.2.3

I have been looking for an alternative to my hosted e-commerce store and decided to give this a try, very easy to install, love the instructional videos and they are very quick to answer any questions I've had.

Love this app! Need some assistance with shipping through paypal...
By ,

Love the videos and ease of use. Just having one issue with shipping calculations and shipping charges if using paypal calculations...
Thanks for your help!!!

Great Plugin! Simple and effective, love it.
By ,

I am not a very tech savvy person but I was able to set this plugin up to do everything I wanted and needed it to do without issue, it is simple and effective. Thanks so much for this great free shopping cart solution!

price up to 4 decimal point
By , for WP 4.2.2

Sir, my question is: before my PayPal page I select a total quantity, for example 400, and its total price is 69.63 euro, so the PayPal page should display total quantity 400 and total price 69.63 euro. But it multiplies 400*69.63 and shows a total price of 27852 euro. That is wrong.
1. If you tell me where to change the code for multiplication. OR
2. An alternative for this: instead of sending the total price 69.63, I divided the total price by the quantity and I get the value 0.174075 for 1 quantity. So I am sending this value, 0.174075, to the PayPal page, where it should multiply by the total quantity and display the total price 69.63. But it is not accepting 0.174075. It accepts only 0.17 and gives a total price of 68.00 euro. So I changed the function $formatted_price = number_format($price, 2, '.', ',') to $formatted_price = number_format($price, 4, '.', ',') but it shows me an error. It is not accepting more than two decimal places. So please help me solve this. It's urgent.

Works....
By ,

Great plugin and fairly easy to configure.

Major Security Issue - Use At Your Own Risk
By , for WP 4.2.2

The Simple WordPress Paypal Shopping Cart Plugin looks good, functions well and is easy to use. You would think that the developers of so many plugins would create this to be safe and secure. It is not.

Last week, I discovered a major flaw in the use of the Simple WordPress Paypal Shopping Cart Plugin that allows a customer to change the price that is charged by PayPal. The transaction completes and if you don't know the price of all of your products, you might never catch it. I caught this error because it allowed a purchase process for FREE.

You may be asking yourself why this issue is not showing up in the support forum. It was. I had reported the issue in great detail. The post was removed. Let me explain why.

Hey,

This is just a quick email to let you know I've deleted the thread you posted:
https://wordpress.org/support/topic/customers-can-change-purchase-price

The WordPress.org plugins team is going to follow up with the author to explain the detail and get them to fix the plugin.

The main reason I've deleted it (which can be undone later on if need be) is we'd like to work with the developer to get the plugin (and any others affected) fixed to protect the users of the plugin, without spreading the vulnerability to more sites.

Thanks for bringing to light the issue.
The plugins team can be contacted directly at plugins@wordpress.org, if you run into any similar security/major vulnerabilities in plugins in the future and can't contact the author directly, please feel free to reach out to them. They'll gladly get plugin authors to fix it :)

Thanks
Dion Hulse
WordPress Lead Developer

OK, I get that you would not necessarily want to broadcast a major vulnerability about a broken plugin, showing the public how easy it is to cheat the more than 50,000 users selling products. If I were to experience this again, I have learned from the above email to report it to the Plugins Team and let them handle this.

I disagree with completely removing the issue from the forum. I understand removing the steps that show how it is done, but I feel the users of this plugin have a right to know and need to be aware of such a vulnerability.

What concerns me is the attitude that one of the developers took when this was reported. We got into an argument about this being a true concern.

mra13 wrote:

This is a simple plugin for people with very simple needs. Most people use it to sell a service or some physical products. Being able to change values using (REMOVED) or something similar is a common thing that you can do to all carts. What you are looking for is something that has advanced validation checks that are performed after a payment to detect this kind of change. That is beyond the scope of this very simple plugin. Search for something that is a little more heavy-weight solution and hopefully you will get what you are looking for.
PS. I have been selling online for a long time... your genuine customers are just going to pay you the money. If someone wants to scam you, he will mostly use a stolen card or account to do the transaction so that is really where your main concern will be.

Unfortunately, WordPress does not send you an email when you reply to a posting or I would have included it here. After receiving the above response, I blasted back, pointing out that the developers must have known about this since they used a more secure shopping cart for purchases on their own website.

It has been more than a week since this took place and I see that the issue has not been corrected. The plugin has not been updated. (Version 4.0.9 - Last Updated: 2015-6-4)

The developers do have a solution, but they want you to buy it.

There are other "more heavy-weight" free plugins out there that use the "advanced validation checks". I recommend you use one.
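
The "advanced validation checks ... performed after a payment" discussed in the review above, sketched as an added example (not the plugin's code and not written by any reviewer): the amount PayPal reports as paid is compared with prices held on the server before an order is fulfilled. The field names are PayPal's standard cart IPN variables; the catalog, function names, currency and receiver address are assumptions, and the IPN message is assumed to have already passed PayPal's verification postback.

```php
<?php
// Added illustration, not the plugin's code. $ipn is assumed to be the POST data of an
// IPN message that PayPal's verification postback has already confirmed as genuine.

function to_cents($amount): ?int {
    // Accept only amounts like "12" or "12.50"; anything else is treated as invalid.
    if (!is_string($amount) || !preg_match('/^\d+(\.\d{1,2})?$/', $amount)) return null;
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

// $catalog (hypothetical) maps item number => unit price in cents and lives on the server only.
function check_cart_ipn(array $ipn, array $catalog, string $currency, string $receiver): array {
    $errors = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') $errors[] = 'payment not completed';
    if (($ipn['receiver_email'] ?? '') !== $receiver)   $errors[] = 'paid to a different account';
    if (($ipn['mc_currency'] ?? '') !== $currency)      $errors[] = 'unexpected currency';

    $expected = 0;
    $count = (int)($ipn['num_cart_items'] ?? 0);
    if ($count < 1) $errors[] = 'no cart items';
    for ($i = 1; $i <= $count; $i++) {
        $sku = $ipn["item_number$i"] ?? null;
        $qty = filter_var($ipn["quantity$i"] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
        if (!is_string($sku) || !array_key_exists($sku, $catalog) || $qty === false) {
            $errors[] = "item $i: unknown item or bad quantity";
            continue;
        }
        $expected += $catalog[$sku] * $qty;   // price comes from the server, never from the request
    }
    // Shipping and tax are not modelled here, so the check is "paid at least the catalog total".
    $paid = to_cents($ipn['mc_gross'] ?? null);
    if ($paid === null || $paid < $expected) $errors[] = "paid amount below catalog total of $expected cents";
    return $errors;   // an empty array means the order may be fulfilled
}

// Constructed sample data: one matching notification and one whose paid amount is too low.
$catalog = ['SKU-1' => 1999, 'SKU-2' => 500];
$matching = ['payment_status' => 'Completed', 'receiver_email' => 'shop@example.com',
             'mc_currency' => 'EUR', 'num_cart_items' => '2', 'mc_gross' => '29.99',
             'item_number1' => 'SKU-1', 'quantity1' => '1',
             'item_number2' => 'SKU-2', 'quantity2' => '2'];
$underpaid = array_merge($matching, ['mc_gross' => '0.01']);

foreach (['matching' => $matching, 'underpaid' => $underpaid] as $name => $ipn) {
    $errors = check_cart_ipn($ipn, $catalog, 'EUR', 'shop@example.com');
    echo $name, ': ', $errors ? implode('; ', $errors) : 'OK', PHP_EOL;
}
```

Amounts are handled as integer cents so that the comparison is not affected by floating-point rounding.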

Good Plugin
By , for WP 4.2.2

Not knowledgeable tech wise and this plugin makes it much easier.

short...awesome piece of software
By , for WP 4.2.2

Can be used on any item. That's what I call flexible.
Thanks

Everything is possible
By , for WP 4.2.2

Works well, having no words to describe its simplicity and ease in setting it up in admin panel.

Thanks for the great plugin, definitely recommend to others.

Great Cart
By , for WP 4.2.2

I was very surprised how many functions this cart offers. I am using the cart on my website GPS Tracker Sim Cards

Thanks
Dave
