{"id":1160732,"date":"2016-09-06T18:00:10","date_gmt":"2016-09-07T01:00:10","guid":{"rendered":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/"},"modified":"2016-09-06T18:00:10","modified_gmt":"2016-09-07T01:00:10","slug":"security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket","status":"closed","type":"topic","link":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/","title":{"rendered":"Security Issue: A registered user tried to purchase a pending event ticket"},"content":{"rendered":"<p>Hi,<\/p>\n<p>Recently, we had a potential security threat. A registered user(email) on our website tried to purchase an event ticket which was still in pending stage.<\/p>\n<p>We are using Community Events, Community Tickets plugins as well. Payment gateway used on our website is Stripe.<br \/>\nScenario:<br \/>\n1. A user is registered on our website(May be a fake user)<br \/>\n2. An event is submitted on our website by another registered user(potentially a fake event)<br \/>\n3. User from Step 1 tried to purchase tickets. The user could add ticket to cart and processed payment. Stripe, however, rejected the payment for some reason and purchase was not successful<\/p>\n<p>Questions:<br \/>\n1. Can you please advise how the user could get through to an event owned by another user and that event is still in pending stage(Not yet approved)?<br \/>\n2. What we can do to increase security?<\/p>\n<p>Thanks.<\/p>\n","protected":false},"template":"","class_list":["post-1160732","topic","type-topic","status-closed","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Issue: A registered user tried to purchase a pending event ticket -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Issue: A registered user tried to purchase a pending event ticket -\" \/>\n<meta property=\"og:description\" content=\"Hi, Recently, we had a potential security threat. A registered user(email) on our website tried to purchase an event ticket which was still in pending stage. We are using Community Events, Community Tickets plugins as well. Payment gateway used on our website is Stripe. Scenario: 1. A user is registered on our website(May be a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/\",\"url\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/\",\"name\":\"Security Issue: A registered user tried to purchase a pending event ticket -\",\"isPartOf\":{\"@id\":\"https:\/\/theeventscalendar.com\/support\/#website\"},\"datePublished\":\"2016-09-07T01:00:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/theeventscalendar.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Topics\",\"item\":\"https:\/\/theeventscalendar.com\/support\/topics\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Ticket Products\",\"item\":\"https:\/\/theeventscalendar.com\/support\/forums\/forum\/event-tickets\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Community Tickets\",\"item\":\"https:\/\/theeventscalendar.com\/support\/forums\/forum\/event-tickets\/community-tickets\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Security Issue: A registered user tried to purchase a pending event ticket\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/#website\",\"url\":\"https:\/\/theeventscalendar.com\/support\/\",\"name\":\"\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/theeventscalendar.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Issue: A registered user tried to purchase a pending event ticket -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/","og_locale":"en_US","og_type":"article","og_title":"Security Issue: A registered user tried to purchase a pending event ticket -","og_description":"Hi, Recently, we had a potential security threat. A registered user(email) on our website tried to purchase an event ticket which was still in pending stage. We are using Community Events, Community Tickets plugins as well. Payment gateway used on our website is Stripe. Scenario: 1. A user is registered on our website(May be a [&hellip;]","og_url":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/","url":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/","name":"Security Issue: A registered user tried to purchase a pending event ticket -","isPartOf":{"@id":"https:\/\/theeventscalendar.com\/support\/#website"},"datePublished":"2016-09-07T01:00:10+00:00","breadcrumb":{"@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/security-issue-a-registered-user-tried-to-purchase-a-pending-event-ticket\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/theeventscalendar.com\/support\/"},{"@type":"ListItem","position":2,"name":"Topics","item":"https:\/\/theeventscalendar.com\/support\/topics\/"},{"@type":"ListItem","position":3,"name":"Ticket Products","item":"https:\/\/theeventscalendar.com\/support\/forums\/forum\/event-tickets\/"},{"@type":"ListItem","position":4,"name":"Community Tickets","item":"https:\/\/theeventscalendar.com\/support\/forums\/forum\/event-tickets\/community-tickets\/"},{"@type":"ListItem","position":5,"name":"Security Issue: A registered user tried to purchase a pending event ticket"}]},{"@type":"WebSite","@id":"https:\/\/theeventscalendar.com\/support\/#website","url":"https:\/\/theeventscalendar.com\/support\/","name":"","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/theeventscalendar.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic\/1160732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic"}],"about":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/types\/topic"}],"version-history":[{"count":0,"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic\/1160732\/revisions"}],"wp:attachment":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/media?parent=1160732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}