The exposed API key ID and secret allows attackers to carry out transactions without the knowledge of the app owners.
This is a serious threat as it can be abused by anyone who gets access to this information, researchers said in their blog post. If an attacker gets hold of these details, he/she can easily perform fraudulent transactions on behalf of any user whose payment information has been leaked due to this vulnerability
https://t.co/Sb0nRFGoJg