- This topic has 5 replies, 4 voices, and was last updated 9 years, 6 months ago by
.
-
Posts
-
Hi,
Recently, we had a potential security threat. A registered user(email) on our website tried to purchase an event ticket which was still in pending stage.
We are using Community Events, Community Tickets plugins as well. Payment gateway used on our website is Stripe.
Scenario:
1. A user is registered on our website(May be a fake user)
2. An event is submitted on our website by another registered user(potentially a fake event)
3. User from Step 1 tried to purchase tickets. The user could add ticket to cart and processed payment. Stripe, however, rejected the payment for some reason and purchase was not successfulQuestions:
1. Can you please advise how the user could get through to an event owned by another user and that event is still in pending stage(Not yet approved)?
2. What we can do to increase security?Thanks.
Hi.
Thanks for your detailed question.
Could you please specify what you have wp-admin > Events > Settings > Community > “Default status for submitted events” option
I’m guessing you have them set to Pending Review and that this wouldn’t happen if you set them to Draft instead.
Please let me know.
Hi Cliff,
You are right! The default setting we use is Pending Review.
I’ve changed it to “Draft” now! I hope it helps going forward.
Thank you.
Could you please go through your testing to see if the scenario you previously described is still possible while setting to Draft instead of to Pending Review?
Hey there! This thread has been pretty quiet for the last three weeks, so we’re going to go ahead and close it to avoid confusion with other topics. If you’re still looking for help with this, please do open a new thread, reference this one and we’d be more than happy to continue the conversation over there.
Thanks so much!
The Events Calendar Support Team
- The topic ‘Security Issue: A registered user tried to purchase a pending event ticket’ is closed to new replies.