
t.filteau30364

I've noticed a rather disconcerting security issue with this plugin. Essentially, it creates a form that it submits to PayPal when you click the Buy/Donate button. However, if you press F12 in just about any browser and inspect the code, all you have to do is change the "amount" parameter to anything you like and PayPal will accept it without question. Of course, you can also add validation in your form thanks to the "data-request" attribute, which will call a backend function where you can check if the amount is really what it should be. However, remove the "data-request" and your validation never gets called.
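
An added example, not part of the original post or the plugin's code: because the amount in the browser-side form can be edited, the server can compare what PayPal reports as paid against its own price list when the payment notification arrives, before fulfilling the order. It assumes the notification has already been verified as genuinely from PayPal; the field names are PayPal's standard IPN variables, while the catalogue, e-mail address, sample notifications and function names are hypothetical.

```php
<?php
// Added example; CATALOGUE, MERCHANT_EMAIL and the functions are hypothetical names.
// Prices are held server-side in minor units (cents), keyed by item number.
const CATALOGUE = ['SKU-1001' => ['cents' => 2500, 'currency' => 'USD']];
const MERCHANT_EMAIL = 'merchant@example.com'; // constructed value

// Convert a decimal string such as "25.00" to integer cents; null if malformed.
function toCents(string $amount): ?int
{
    if (!preg_match('/^\d{1,9}(\.\d{1,2})?\z/', $amount)) {
        return null;
    }
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

// $ipn: fields of a notification assumed already verified as coming from PayPal.
// Returns [bool $accepted, string $reason].
function checkPaidAmount(array $ipn): array
{
    $item = CATALOGUE[$ipn['item_number'] ?? ''] ?? null;
    if ($item === null) {
        return [false, 'unknown item'];
    }
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        return [false, 'payment not completed'];
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0) {
        return [false, 'wrong receiver'];
    }
    if (($ipn['mc_currency'] ?? '') !== $item['currency']) {
        return [false, 'currency mismatch'];
    }
    // The price comes from the server's catalogue, never from the submitted form.
    if (toCents((string)($ipn['mc_gross'] ?? '')) !== $item['cents']) {
        return [false, 'amount mismatch'];
    }
    return [true, 'ok'];
}

// Constructed sample notifications: one at the listed price, one with an edited amount.
$base = ['item_number' => 'SKU-1001', 'payment_status' => 'Completed',
         'receiver_email' => 'merchant@example.com', 'mc_currency' => 'USD'];
foreach (['25.00', '0.01'] as $gross) {
    [$ok, $why] = checkPaidAmount($base + ['mc_gross' => $gross]);
    printf("mc_gross=%s -> %s (%s)\n", $gross, $ok ? 'fulfil' : 'reject', $why);
}
```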
