WordPress.org

Plugin Reviews

WordPress Simple Paypal Shopping Cart

Very easy to use Simple WordPress Paypal Shopping Cart Plugin. Great for selling products online in one click from your WordPress site.

11 reviews
Average Rating
4.6 out of 5 stars
Works well for us
By , for WP 4.2.2

For a simple ticket sales page, the free version worked fine for us, a 401c3.
A small feature we'd like to see - a "limit count" so we don't oversell.
Not a showstopper.

Great Plugin
By , for WP 4.1

Very simple, well made and functional. If there were an option to set the quantity of a single item to 1, it would be perfect.

Simple to use but, no option for price per variation??
By ,

I downloaded this and find it easy to use, which I like.

However, I need an option to provide different prices based on variations. For example, I want to be able to offer standard, priority, and rush delivery. Each of these would have a different price for the variation.

Also, I can't offer different shipping prices based on quantity ordered. Has this been addressed and I missed it?

great for existing inventory
By ,

Worked in our case, where we had 100s of existing inventory to which we just wanted to add on ecommerce.

Best eCommerce Platform
By , for WP 4.0

It lacks advanced features but still is the best shopping cart plugin to launch an online store for free. Thanks for this great plugin.

Good
By , for WP 4.0

Good, smooth, I like it..

Security considerations when selling digital goods
By , for WP 3.9

Hello.

I'm using this plugin standalone on my WordPress site to sell software licenses. Maybe this plugin is valid for manual sales, but it's insecure and I want to share my findings.

If you manually check transactions at paypal before sending items, or have additional fraud controls you are safe, so ignore my comments :)

By default you are exposed to several fraud risks if you use this plugin to sell digital goods that should be considered.

1- eCommerce impersonation: business PayPal addresses are not validated by default. Therefore someone could resend you another eCommerce site's valid IPN notification and trigger actions on your system.

As a quick fix for the paypal.php code:

// Reject IPNs whose 'business' field is not our own merchant address
$business = $this->ipn_data['business'];
if ($business != 'ecommerce@yoursite.com') {
    $this->debug_log('INVALID IPN: unknown business: ' . $business, true);
    die();
}

I've implemented some functions to generate software licenses once the IPN is validated; however, there are some more security considerations:

2 - IPNs can be sent several times by an attacker. Be careful and check if the PayPal transaction ID was already used ( $txn_id ). Unless you check it you are going to sell items or generate licenses more than once for the same payment.

3- Prices are not validated: A user can intercept the request generated by the browser and modify the product price before it reaches PayPal, because it's not using certificate keys. An attacker can set a price of 0.1$ for example.
Your payment will succeed in the same way as the transaction (IPN) validation once it reaches your WordPress site, because the transaction is valid and was generated from PayPal (the only problem is that PayPal doesn't know which price is the real one).
Double check your price at $current_cart_item['price'] for your cart or mc_gross when paying with a PayPal button.

Regards,

Andres Tarasco
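
The three checks from the review above (merchant address, reused transaction ID, price), combined into one function. This is an added example, not part of the review or the plugin's code. It assumes the IPN has already been confirmed as VERIFIED by PayPal and covers the single-item button case; `check_ipn`, `$catalog` and `$seen_txn_ids` are hypothetical names, and the array stands in for a database table with a unique key on `txn_id`.

```php
<?php
// Added example. EXPECTED_BUSINESS is the placeholder address used in the review.
const EXPECTED_BUSINESS = 'ecommerce@yoursite.com';

// Returns null if the IPN may be fulfilled, otherwise the reason to reject it.
// $catalog holds the server-side price list: item_number => [price, currency].
function check_ipn(array $ipn, array $catalog, array &$seen_txn_ids): ?string
{
    // 1. The payment must have been made to our own merchant account.
    if (strtolower(trim($ipn['business'] ?? '')) !== EXPECTED_BUSINESS) {
        return 'unknown business';
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return 'payment not completed';
    }
    // 3. Compare the paid amount with our own price, never a client-supplied one.
    $item = $ipn['item_number'] ?? '';
    $qty  = (int) ($ipn['quantity'] ?? 1);
    if (!isset($catalog[$item]) || $qty < 1 || !is_numeric($ipn['mc_gross'] ?? null)) {
        return 'unknown item or malformed amount';
    }
    $expected_cents = (int) round((float) $catalog[$item]['price'] * 100) * $qty;
    $paid_cents     = (int) round((float) $ipn['mc_gross'] * 100);
    if (($ipn['mc_currency'] ?? '') !== $catalog[$item]['currency']
        || $paid_cents < $expected_cents) {   // mc_gross may include shipping/tax
        return 'amount or currency mismatch';
    }
    // 2. Each transaction ID is fulfilled once; a repeat is a replay.
    $txn = $ipn['txn_id'] ?? '';
    if ($txn === '' || isset($seen_txn_ids[$txn])) {
        return 'missing or already processed txn_id';
    }
    $seen_txn_ids[$txn] = true;
    return null;
}

// Constructed sample data, not real transactions.
$catalog = ['LIC-1' => ['price' => '49.00', 'currency' => 'EUR']];
$good = ['business' => 'ecommerce@yoursite.com', 'payment_status' => 'Completed',
         'txn_id' => 'CONSTRUCTED-TXN-1', 'item_number' => 'LIC-1',
         'quantity' => '1', 'mc_gross' => '49.00', 'mc_currency' => 'EUR'];
$cases = [
    'genuine'        => $good,
    'replayed'       => $good,
    'other merchant' => ['business' => 'shop@example.org', 'txn_id' => 'CONSTRUCTED-TXN-2'] + $good,
    'price tampered' => ['mc_gross' => '0.10', 'txn_id' => 'CONSTRUCTED-TXN-3'] + $good,
];
$seen = [];
foreach ($cases as $label => $ipn) {
    printf("%-15s %s\n", $label, check_ipn($ipn, $catalog, $seen) ?? 'OK');
}
```

In production the `txn_id` check and the insert should be a single atomic database operation, so that two simultaneous deliveries of the same IPN cannot both pass.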

Great Plugin
By , for WP 3.6

Works great, easy to use

Almost 5 stars!
By , for WP 3.5.1

If there were something that showed the customer that their shipping became free at a certain value, I would go from 4 to 5 stars. Other than that, it is a fantastic tool.

Works for me
By , for WP 3.4.2

We only offer three items on our site and it works for our needs. It's simple. I don't know how it would work for a really busy site.
