
Serious Flaw – Payment Can Be Changed From Cart Page

  • 515hosting

    I have a test user renter and a test landlord setup.
    I’m using Checking Payment Processing for test purposes.

    I noticed today, if you type in “/cart” to view the Cart, you can manually change the price of the Order by decreasing the quantity, but still lock in the dates. The admin of the site approves the payment as completed at the lower amount, the commission is based upon the lower amount, but the Booking remains reserved for the original number of nights.

    This is a pretty serious vulnerability in my opinion.

    Temporarily, I think a quick solution I could implement would be setting up a redirect I suppose to ensure the cart page can’t be accessed; however, that could cause problems if a site is using a combination of bookings and physical products.

    Please advise.

    ihor developer

    Thanks for reporting this issue – will be fixed in the next Bookings update. Please consider using a redirect as a temporary fix, we’ll probably resolve this in the same way, but with an extra check that the cart currently contains a product with linked booking.

    515hosting

    Appreciate it. I’m not using physical products and don’t have any need for the cart, so I’ll just do a 302 redirect and call it good until the final fix is released.

    Thanks for the prompt response.
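
Added example, not part of the original thread and not HivePress code: a reconciliation check an administrator could run before marking payments as completed, flagging orders whose paid nights or amount do not match the reserved dates. The record types, field names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Booking:            # hypothetical record: what the site has reserved
    booking_id: int
    check_in: date
    check_out: date
    nightly_rate: Decimal


@dataclass(frozen=True)
class OrderLine:          # hypothetical record: what the cart submitted for payment
    order_id: int
    booking_id: int
    quantity: int
    line_total: Decimal


def audit_orders(bookings, order_lines):
    """Return one finding per order whose paid nights or amount do not match the booking."""
    by_id = {b.booking_id: b for b in bookings}
    findings = []
    for line in order_lines:
        booking = by_id.get(line.booking_id)
        if booking is None:
            findings.append({"order_id": line.order_id, "reason": "unknown booking"})
            continue
        # Derive the price from the reserved dates, never from the cart quantity.
        nights = (booking.check_out - booking.check_in).days
        expected = booking.nightly_rate * nights
        if line.quantity != nights or line.line_total != expected:
            findings.append({
                "order_id": line.order_id,
                "reason": "paid nights/amount differ from reserved dates",
                "nights_reserved": nights,
                "nights_paid": line.quantity,
                "shortfall": expected - line.line_total,
            })
    return findings


# Constructed sample data (not taken from the thread).
BOOKINGS = [
    Booking(101, date(2024, 6, 1), date(2024, 6, 6), Decimal("80.00")),
    Booking(102, date(2024, 7, 10), date(2024, 7, 17), Decimal("120.00")),
]
ORDER_LINES = [
    OrderLine(9001, 101, 5, Decimal("400.00")),   # matches the booking
    OrderLine(9002, 102, 2, Decimal("240.00")),   # quantity lowered in the cart
]
```

The same comparison belongs on the server at checkout, so an order is never accepted when its quantity differs from the nights being reserved.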
