How can we help you today?
Insecure data transfer to the Searchanise servers
Hi,
Thank you for your information. We have forwarded it to our developers and the changes should be included in one of the future updates.
btw, you have the same issue in the WooCommerce Searchanise addon (Version:1.0.4).
File: "./wp-content/plugins/smart-search-for-woocommerce/init.php"
Contant: "fn_se_define('SE_SERVICE_URL', 'http://www.searchanise.com');"
---
AWS Cloud hosting for CS-Cart, Multi-Vendor, WordPress, and Magento
by Simtech Development - AWS and CS-Cart certified hosting provider
free installation & migration | free 24/7 server monitoring | free daily backups | free SSL | and more...
Roman Ananev
Hello,
Your addon initiates insecure data transfer of such information as email and parent_private_key via HTTP connection with no encryption. This is highly insecure because a lot of shared hosting providers or transport providers have sticky fingers and pass/sell this data to third parties.
I mean the "SE_SERVICE_URL" constant in "Not configurable constants" (app/addons/searchanise/func.php), which contains hardcoded URL "http://www.searchanise.com" and is used in the code 6 times. Please fix it.
---
AWS Cloud hosting for CS-Cart, Multi-Vendor, WordPress, and Magento
by Simtech Development - AWS and CS-Cart certified hosting provider
free installation & migration | free 24/7 server monitoring | free daily backups | free SSL | and more...