Ideal Postcodes
Forum Replies Created
Forum: Plugins
In reply to: [UK Address Postcode Validation] Fix Country field
Hi there
I’m afraid we aren’t able to get to the bottom of it using the stock WooCommerce configuration and some others we keep in our test suite.
Would you mind sending an email to [email protected] – we think there might be a customisation of the checkout interfering with your plugin. So we’d like to see the checkout itself if possible. That way we can either update our plugin or provide a code snippet for yours to get it working.
Forum: Plugins
In reply to: [UK Address Postcode Validation] Fix Country field
Hi Avinash
Thanks for this request. Would you mind sharing the version numbers of the plugin, WordPress and WooCommerce you’re on?
Feel free to copy this query into [email protected] if you want to take this private.
Thanks
Forum: Plugins
In reply to: [UK Address Postcode Validation] Security Flag
Hi there
We were able to get a hold of PatchStack a couple weeks ago to close this off: https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability
Forum: Plugins
In reply to: [UK Address Postcode Validation] Unpatch Security Issue
Hi there
We were able to get a hold of PatchStack a couple weeks ago to close this off: https://patchstack.com/database/wordpress/plugin/uk-address-postcode-validation/vulnerability/wordpress-uk-address-postcode-validation-plugin-3-9-2-sensitive-data-exposure-vulnerability
Forum: Plugins
In reply to: [UK Address Postcode Validation] Unpatch Security Issue
Thanks for your understanding. We’re keeping an overview and timeline to resolution here: https://docs.ideal-postcodes.co.uk/docs/integrations/woocommerce#cve-2025-57923-sensitive-data-exposure-report
Forum: Plugins
In reply to: [UK Address Postcode Validation] Unpatch Security Issue
Hi there
We have investigated the Patchstack report (CVE-2025-57923) and can provide immediate clarification:
The exposed information is a public-facing API key and is not a security risk.
We’ve clarified the issue with Patchstack. We discovered the “sensitive data” exposed by the plugin is a public-facing API key used for our address lookup service. This key is not a secret credential and does not pose a vulnerability to your site.
This method of using a publicly viewable key for address lookup is standard practice for API usage. Similar services like Google Maps and Mapbox also rely on public API keys. These keys serve primarily to identify and meter usage (for billing and rate limiting), rather than act as a secret for protecting private data.
If this were a real CVE, we would *immediately* ship a fix and notify customers. However, there is no way to fix this because it is working as designed.
Patchstack’s last email to us was sent 6th October 2025, wanting to clarify where we documented API keys were public. We responded the same day with documentation demonstrating the “sensitive data” was in fact a public-facing API key. We received no reply.
We have sent 5 emails between then and today (23 October) asking that they either correct the CVE or explain why this qualifies as a vulnerability in light of the information we have provided. We have received no replies or even acknowledgement of these emails.
We will shortly be issuing a patch a breakdown of this CVE and Patchstack’s response to date. Given their lack of communication, we have also notified Patchstack’s CNA about this issue to resolve the CVE higher up.
- This reply was modified 7 months ago by Ideal Postcodes.
Forum: Plugins
In reply to: [UK Address Postcode Validation] I cant add the api key
Hi there
If you’re using the Address Finder (Address Autocomplete), you should be able to use the Address Finder override field.
I suspect this can be done by adding the following to your override:
{
  onLoaded: function () {
    this.view.input.placeholder = "My Custom Message";
  }
}
Do feel free to drop by chat.ideal-postcodes.co.uk if you need realtime assistance on this.
- This reply was modified 5 years ago by Ideal Postcodes.
Forum: Plugins
In reply to: [UK Address Postcode Validation] I cant add the api key
Hi there
Could you drop an email to [email protected] with the version of the plugin you’re using and the version of WooCommerce? A screenshot of the issue would be great too.
Thanks