Cross-site Scripting (XSS) WordPress WooCommerce
Customers enter their credit card twice on WooCommerce, and then a random purchase appears a few days later.
Problem
A fake checkout form was appearing instead of Stripe checkout.
- WordPress (multi-site)
- Network
- Wholesale
- Retail
- WooCommerce
- Stripe for WooCommerce
- Flatsome theme
- Various known plugins
Code had been injected into the Flatsome theme's advanced settings for the custom footer script, appearing as a `Google Tag Manager` script. This code had control of the payment form's appearance.
Before
After
Solution
Remove the erroneous code from the Flatsome theme editor in the 'head' scripts form.
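One way to check whether a snippet saved in the theme's script fields really is Google Tag Manager, as an added example that is not from the original post. It assumes you have copied the field contents into a string; `audit_snippet`, the allowlist and both sample snippets are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.googletagmanager.com"}  # host the stock GTM loader pulls from
HOST_RE = re.compile(r"(?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Calls that hide a script's real source; the stock GTM loader uses none of them.
OBFUSCATION_RE = re.compile(r"\b(?:atob|eval|unescape)\s*\(|fromCharCode")

class ScriptCollector(HTMLParser):  # collects (src, inline_body) per <script>
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open = [dict(attrs).get("src"), ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(tuple(self._open))
            self._open = None

def audit_snippet(field_html):
    """Return findings for scripts that reach beyond the allowed GTM host."""
    collector = ScriptCollector()
    collector.feed(field_html)
    findings = []
    for src, body in collector.scripts:
        if src is not None:
            host = urlparse(src).hostname or "(same-site)"
            if host not in ALLOWED_HOSTS:
                findings.append(f"script src host: {host}")
        for host in HOST_RE.findall(body):
            if host.lower() not in ALLOWED_HOSTS:
                findings.append(f"inline reference to host: {host.lower()}")
        for call in OBFUSCATION_RE.findall(body):
            findings.append(f"obfuscation call: {call.rstrip('( ')}")
    return findings

# Constructed samples: an abbreviated stock-style loader and a look-alike.
GENUINE = ("<script>(function(d,i){var j=d.createElement('script');j.async=true;"
           "j.src='https://www.googletagmanager.com/gtm.js?id='+i;d.head.appendChild(j);})(document,'GTM-XXXXXXX');</script>")
LOOKALIKE = ("<!-- Google Tag Manager -->"
             "<script async src='https://cdn.gtm-loader.example/gtm.js?id=GTM-XXXXXXX'></script>"
             "<script>var s=document.createElement('script');s.src=atob('Y29uc3RydWN0ZWQ=');</script>")
if __name__ == "__main__":
    print(audit_snippet(GENUINE), audit_snippet(LOOKALIKE))
```

An empty result only means the snippet loads from the allowed host; the container ID still needs to be one you own.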
Tags
WooCommerce, XSS
Dated
Created: Mar 19, 2024
Updated: Feb 12, 2025

Tanner Brodhagen
Founded Brod Solutions in 2012 with a passion for technology and helping people. Today I bring over a decade of website expertise to the eCommerce industry and have helped hundreds of store owners accomplish their next big thing. I'm married with two children. I enjoy sports, photography, woodworking and creating new solutions.