dualcube / moodle-enrol_stripepayment

Moodle Stripe Payment Collector

secret key leak on js is fixed #45

Closed thelonewolf123 closed 3 years ago

thelonewolf123 commented 3 years ago

This project contained some serious vulnerabilities:

  1. Sensitive data exposure (file `enrol.php`, from line no. 187):

     ```js
     // Fragment of the JS object literal that enrol.php emits into the page;
     // the first line echoes the Stripe secret key straight into client-side code.
     'secretkey' : "<?php echo $this->get_config('secretkey'); ?>",
     'amount' : "<?php echo str_replace(".", "", $cost); ?>",
     'currency' : "<?php echo strtolower($instance->currency); ?>",
     'description' : "<?php echo 'Enrolment charge for '.$coursefullname; ?>",
     'courseid' : "<?php echo $course->id; ?>",
     'receiptemail' : emailId,
     ```

From the above code, you can see the plugin leaking the Stripe secret key. This key should be stored on the server and never exposed to the public.
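As an added example, not part of this PR or the plugin's code: a small Python lint pass that flags the pattern described above, a PHP `get_config()` lookup whose key name looks like a secret being echoed straight into a template that reaches the browser. The list of secret-looking key names and the sample template lines are constructed for the demonstration.

```python
"""Added example (not the plugin's or this PR's code): flag PHP config values with
secret-looking names that a template echoes into client-facing output."""
import re

# Config key names whose values must never reach the browser (assumed list).
SENSITIVE = re.compile(r"(secret|private|api_?key|password|token)", re.IGNORECASE)

# A PHP echo that wraps a config lookup, in either Moodle form:
#   $this->get_config('name')   or   get_config('plugin', 'name')
ECHO_CONFIG = re.compile(
    r"<\?php\s+echo\s+.*?get_config\(\s*(?:'[^']*'\s*,\s*)?'(?P<key>[^']+)'\s*\)",
    re.IGNORECASE,
)


def find_leaks(source: str, start_line: int = 1) -> list[tuple[int, str]]:
    """Return (line_number, config_key) for each echoed config key with a secret-looking name.

    start_line lets the caller report numbers relative to the real file position.
    """
    leaks = []
    for offset, line in enumerate(source.splitlines()):
        for match in ECHO_CONFIG.finditer(line):
            key = match.group("key")
            if SENSITIVE.search(key):
                leaks.append((start_line + offset, key))
    return leaks


# Constructed sample: the vulnerable literal from the PR plus a publishable-key line,
# which is safe to send to the client and must not be flagged.
SAMPLE = """'publishablekey' : "<?php echo $this->get_config('publishablekey'); ?>",
'secretkey' : "<?php echo $this->get_config('secretkey'); ?>",
'amount' : "<?php echo str_replace(".", "", $cost); ?>",
'currency' : "<?php echo strtolower($instance->currency); ?>",
'courseid' : "<?php echo $course->id; ?>",
"""

if __name__ == "__main__":
    for lineno, key in find_leaks(SAMPLE, start_line=186):
        print(f"enrol.php:{lineno}: config value '{key}' is echoed into client-side code")
```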