Title: possible hack Last modified: July 25, 2023 --- # possible hack * Resolved [davidgimenez](https://wordpress.org/support/users/davidgimenez/) * (@davidgimenez) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/) * How is it possible that a user tries to buy a downloadable product and is left pending and then with another email in the same account makes it possible for him to buy a product for x money at 0 price? That is the email [malog86451@nmaller.com](https://wordpress.org/support/topic/possible-hack-10/malog86451@nmaller.com?output_format=md) that he uses to make purchases with a card on the website for products for x money at 0 euros. I can’t explain how he gets it and I have no errors on my website. I use woocommerce with storefront Viewing 5 replies - 1 through 5 (of 5 total) * [Saif](https://wordpress.org/support/users/babylon1999/) * (@babylon1999) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16935671) * Hello [@davidgimenez](https://wordpress.org/support/users/davidgimenez/), Thank you for reaching out!Can you please provide step-by-step instructions on how to reproduce this? It would be great if you could also include a few screenshots.:‎) * Look forward to hearing back from you. * Thread Starter [davidgimenez](https://wordpress.org/support/users/davidgimenez/) * (@davidgimenez) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16937080) * I don’t have more information or errors on how you could get to buy paid products totally free from what I could see. I tried to pay with a registered email and I was pending and with that email that I published I made the purchases for free when the products are from I don’t understand how I got it because I tested it on my website and I have mega security and I didn’t see any errors, it was some error on the part of woocommerce on the checkout page somehow it makes the products free to pay * [Saif](https://wordpress.org/support/users/babylon1999/) * (@babylon1999) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16950878) * > I don’t have more information or errors on how you could get to buy paid products > totally free from what I could see. * If I understand this correctly, you’re able to download products before making a payment, essentially right after you place an order, correct? * You can modify this by going to WooCommerce → Settings → Products → Downloadable Products. * Link to image: [https://d.pr/i/kEmxM0](https://d.pr/i/kEmxM0) * If that doesn’t seem to be the issue, could you kindly provide us with step-by- step instructions on how to recreate the problem? This way, we can try to replicate it on our end. For example: 1. Create a downloadable product from All Products → Add new 2. Adding a file with a specific name. 3. Add the product to the cart and test the order using a certain payment gateway. 4. And so on. * Look forward to hearing back from you. :‎) * Thread Starter [davidgimenez](https://wordpress.org/support/users/davidgimenez/) * (@davidgimenez) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16951134) * I use the YITH WooCommerce Stripe Premium payment gateway and I tell the following I realized that a user tried to pay for a paid product but it remained pending after that the same user with that email that he provided without changing the initial email made a purchase with 0 dollar card when the product had a price. I looked for errors and carried out tests and I did not find anything. Somehow I cheated the payment system of the payment gateway and of woocommerce to buy at 0 euros when the product had a price. * [anastas10s](https://wordpress.org/support/users/anastas10s/) * (@anastas10s) * [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16962988) * Howdy [@davidgimenez](https://wordpress.org/support/users/davidgimenez/) 👋 * > possible hack * nmaller.com appears to be [a disposable email domain](https://www.mailboxvalidator.com/domain/nmaller.com). * > I tried to pay with a registered email and I was pending and with that email > that I published I made the purchases for free when the products are from I > don’t understand how I got it because I tested it on my website and I have > mega security and I didn’t see any errors, it was some error on the part of > woocommerce on the checkout page somehow it makes the products free to pay * Nevertheless, I understand you are able to reproduce this, with a different email address. Correct? * > I use the YITH WooCommerce Stripe Premium payment gateway * Did you already have a chance to get in touch with the payment gateway’s support channel regarding this? * Furthermore, are you able to reproduce this with one of the [WooCommerce core payment options](https://woocommerce.com/documentation/woocommerce/getting-started/sell-products/core-payment-options/), or otherwise? * I trust that points you in the right direction, but if you have more questions, let us know. * We’re happy to help. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘possible hack’ is closed to new replies. * ![](https://ps.w.org/woocommerce/assets/icon.svg?rev=3234504) * [WooCommerce](https://wordpress.org/plugins/woocommerce/) * [Frequently Asked Questions](https://wordpress.org/plugins/woocommerce/#faq) * [Support Threads](https://wordpress.org/support/plugin/woocommerce/) * [Active Topics](https://wordpress.org/support/plugin/woocommerce/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/woocommerce/unresolved/) * [Reviews](https://wordpress.org/support/plugin/woocommerce/reviews/) * 5 replies * 3 participants * Last reply from: [anastas10s](https://wordpress.org/support/users/anastas10s/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/possible-hack-10/#post-16962988) * Status: resolved