Cross-site Scripting (XSS) WordPress WooCommerce

Customers enter their credit card twice on WooCommerce, and then a random purchase appears a few days later.

Problem

A fake checkout form was appearing instead of Stripe checkout.

  • WordPress (multi-site)
    • Network
    • Wholesale
    • Retail
  • WooCommerce
  • Stripe for WooCommerce
  • Flatsome theme
  • Various known plugins

Code had been injected into the Flatsome theme's advanced settings, in the custom footer script field, where it appeared as a `Google Tag Manager` script. This script controlled the appearance of the payment form.
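One way to audit a footer-script field for this kind of disguise, as an added example that is not part of the original post: it parses the field's HTML, lists every host the scripts reference, and flags tokens that have no place in an analytics loader. The allowlist, the token list and both samples are constructed assumptions; the look-alike is not the code found in this incident.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.googletagmanager.com"}  # assumption: only GTM is expected
# Tokens that do not belong in an analytics loader (decoders, payment fields).
SUSPICIOUS = re.compile(r"\b(?:atob|eval|fromCharCode|unescape)\b|card|cvc|checkout", re.I)
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.I)

class ScriptCollector(HTMLParser):
    """Collects [src, inline_body] for every <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = True
            self.scripts.append([dict(attrs).get("src") or "", ""])
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

def audit_footer_script(html):
    """Return sorted (kind, detail) findings for a footer-script field value."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = set()
    for src, body in collector.scripts:
        for url in ([src] if src else []) + URL_RE.findall(body):
            host = urlparse(url).hostname  # None for same-site relative paths
            if host and host not in ALLOWED_HOSTS:
                findings.add(("unexpected-host", host))
        for match in SUSPICIOUS.finditer(body):
            findings.add(("suspicious-token", match.group(0).lower()))
    return sorted(findings)

# Constructed samples: the stock GTM loader with a placeholder ID, and an
# inert look-alike that only borrows the GTM comment and file name.
GENUINE = """<!-- Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];
w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-XXXXXXX');</script>"""
LOOKALIKE = """<!-- Google Tag Manager -->
<script src="https://tags.example.invalid/gtm.js?id=GTM-XXXXXXX"></script>
<script>var cfg = atob("PLACEHOLDER"); /* constructed, inert */</script>"""
```

Call `audit_footer_script()` on the saved value of each custom script field; an empty list means every script references only allowlisted hosts and contains none of the flagged tokens.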

Before

After

Solution

Tags

WooCommerce, XSS

Dated

Created: 19 Mar 2024

Updated: 19 Mar 2024


© 2012-2024. Brod Solutions LLC. All rights reserved.