  • Plugin Author mra13

    (@mra13)

    The latest version has a check in place so you can’t change the price input field value. If you change the price then the validation will fail and give an error.

    If you have more specific info to share, please send details to us using our contact form here and we will follow it up for sure:
    https://support.tipsandtricks-hq.com/contact

    Plugin Author mra13

    (@mra13)

    I don’t think you fully did the transaction for the test. Remember, the plugin will validate the PayPal IPN after the payment. And if it finds that the price was altered, it WON’T process the order.

    Everything in the PayPal IPN needs to be validated. It was missing a price check validation which it now has. So you can’t make a wrong payment and get the product automatically.

    If you keep the debug option enabled then you will be able to see how the plugin catches it and stops the order from processing in the log data.

    I have tested it and it works. If you send me details via our contact form about your testing details, I will be able to shed more light.
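
The price check described in the replies above, sketched as an added example (not part of the thread and not the plugin's own code). The catalog, merchant address and `check_ipn()` helper are hypothetical, the IPN payloads are constructed, and the IPN is assumed to have already been confirmed as VERIFIED by posting it back to PayPal.

```php
<?php
// Constructed server-side catalog: the only trusted source of prices.
// Amounts are integer cents so comparisons never depend on float rounding.
const CATALOG = ['ebook-001' => ['cents' => 3995, 'currency' => 'USD']];
const MERCHANT_EMAIL = 'merchant@example.com'; // placeholder address

function to_cents(string $amount): ?int
{
    // Accept only plain decimal amounts such as "39.95"; reject anything else.
    if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount)) {
        return null;
    }
    [$whole, $frac] = array_pad(explode('.', $amount), 2, '0');
    return (int)$whole * 100 + (int)str_pad($frac, 2, '0');
}

// Returns the reasons the order must NOT be fulfilled (empty array = OK).
function check_ipn(array $ipn, array $seenTxnIds): array
{
    $errors = [];
    if (($ipn['payment_status'] ?? '') !== 'Completed') {
        $errors[] = 'payment not completed';
    }
    if (strcasecmp($ipn['receiver_email'] ?? '', MERCHANT_EMAIL) !== 0) {
        $errors[] = 'payment sent to a different account';
    }
    if (in_array($ipn['txn_id'] ?? '', $seenTxnIds, true)) {
        $errors[] = 'duplicate txn_id';
    }
    $item = CATALOG[$ipn['item_number'] ?? ''] ?? null;
    if ($item === null) {
        return array_merge($errors, ['unknown item']);
    }
    // The browser-submitted price is never consulted: compare what PayPal
    // says was paid (mc_gross) against the catalog price times quantity.
    $qty  = (int)($ipn['quantity'] ?? 1);
    $paid = to_cents($ipn['mc_gross'] ?? '');
    if ($qty < 1 || $paid === null || $paid < $item['cents'] * $qty) {
        $errors[] = 'amount paid is below catalog price';
    }
    if (($ipn['mc_currency'] ?? '') !== $item['currency']) {
        $errors[] = 'currency mismatch';
    }
    return $errors;
}

// Constructed IPN payloads: one honest, one where $39.95 became $0.01.
$honest = ['payment_status' => 'Completed', 'receiver_email' => MERCHANT_EMAIL,
           'txn_id' => 'TXN-A', 'item_number' => 'ebook-001', 'quantity' => '1',
           'mc_gross' => '39.95', 'mc_currency' => 'USD'];
$tampered = ['mc_gross' => '0.01', 'txn_id' => 'TXN-B'] + $honest;
var_dump(check_ipn($honest, []), check_ipn($tampered, []));
```

Fulfilment (download links, membership creation, confirmation e-mail) should run only when the returned list is empty, and rejected notifications should be written to the debug log with the reason.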

    Thread Starter Outdoorsmen

    (@outdoorsmen)

    You know I really don’t appreciate being called incompetent or a liar. I know how to use your plugin and I would not post anything that was not true.

    I just did a complete transaction using your plugin through PayPal where I changed an item’s price that should have processed for $39.95 to $0.01 and the transaction completed perfectly.

    If you are so confident in your plugin’s security, I am willing to test it on your website. I’m going to email you using the address you provided in the support thread. You set it up where I can download your software using this plugin and if I’m successful, you provide me the complete bundle of your products for the price I set.

    In return, I will show you again just exactly how easy this was done.

    I believe this is a fair offer considering the embarrassment you have caused me. Oh I would like a public apology as well.

    Plugin Author mra13

    (@mra13)

    No one is calling you a liar. We are just trying to get to the bottom of this (by trying to guess all the potential possibilities). Very sorry if that came across wrong. We have received your email and we will follow it up.

    Thread Starter Outdoorsmen

    (@outdoorsmen)

    Emails exchanged.

    Challenge accepted.

    Waiting on the Author to set up.

    Results to follow.

    About the guessing part…. I did explain this completely in the original post and I knew I would not be allowed to do that again.

    We didn’t even think about contacting each other on the side like we’re doing now. I can’t post my email address here. Your link works though. Lesson learned.

    I do believe you will fix this once you completely understand how easy this is done.

    Thread Starter Outdoorsmen

    (@outdoorsmen)

    The transaction processed.

    Thank You

    Thank You for Your Purchase

    You will receive an email shortly which will contain the details of this transaction.

    Any items to be shipped will be processed as soon as possible, any downloadable items can be downloaded using the encrypted links in the email. The encrypted download links will remain valid for 24 hours.

    If you have paid for a membership account you will receive an email with a unique link that will allow you to chose your username and password and complete the registration process. Once you are registered you will be able to log into the site and enjoy the member’s only content.

    PayPal took my money.

    You sent a payment of $0.01 USD to Tips & Tricks HQ. ([email protected])

    Waiting on their email for my download.

    I told you it could be done. Now you need to hold up your end.

    Thread Starter Outdoorsmen

    (@outdoorsmen)

    Well it has now been an hour and no email as yet.

    They were kind enough to send me a link where I could check their debug log of this transaction. I compared their log to the log my site created.

    1. Their log shows where a validation check was done. Mine does not.
    2. Their log shows an incorrect IP Address for me. Mine does not.
      My log lists my correct IP Address
    3. Their log shows where an email confirmation was not sent. Mine does.
      Obviously, I received their email confirmation. I posted it above.

    They just updated their plugin to version 4.1.2

    I really hope this corrects the problem. Let’s see if it does. It will be interesting to see if they hold up their end of the agreement.

    To be continued….

    Thread Starter Outdoorsmen

    (@outdoorsmen)

    Version 4.1.2 appears to have corrected this issue.

    Tips & Tricks HQ has held up their end of the agreement, sort of.

    1. I did get the bundle for the price I set, although I have not been added to their website for updates like any other purchaser would have been.
    2. I never did get the public apology.

    In summary….

    Peter at Tips & Tricks HQ handled himself quite well. I’m sorry this took so long to resolve, but I’m glad we finally agree the plugin works as promised and the users are now safe and secure.

    Plugin Author wptipsntricks

    (@wptipsntricks)

    Glad to hear that it’s working for you now.

  • The topic ‘Major Security Issue – Use At Your Own Risk’ is closed to new replies.