Stripe API keys are left exposed

  • Resolved webkix

    (@webkix)


    4 years, 9 months ago

    Just got a warning message and checked the code looks like you have left the stripe secret keys publicly exposed via ajax call. This is very sensitive as people can use these keys to make unauthorized API requests.

    You have a js variable called wpsdAdminScriptObj and saving the api keys to the front end. Not good at all.

Viewing 1 replies (of 1 total)
  • Plugin Author Hossni Mubarak

    (@mhmrajib)

    Hello,

    Thank you for informing us.

    We have applied security to secret key in the upgraded version 1.3.

    Hope this solves the issue.

    Thank you.

Viewing 1 replies (of 1 total)
  • The topic ‘Stripe API keys are left exposed’ is closed to new replies.