It seems like donation form missing nonce verification, we have global JS variable give_global_vars.checkout_nonce but not passing anywhere when submitting donation form.

### WordPress Environment ###
Home URL: http://localhost/givefortest/18
Site URL: http://localhost/givefortest/18
WP Version: 4.9.1
WP Multisite: โ
WP Memory Limit: 256 MB
WP Debug Mode: โ
WP Cron: โ
Language: en_US
Permalink Structure: /%year%/%monthnum%/%day%/%postname%/
Show on Front: posts
Table Prefix Length: 3
Table Prefix Status: Acceptable
Admin AJAX: Inaccessible
Registered Post Statuses: publish, future, draft, pending, private, trash, auto-draft, inherit, refunded, failed, revoked, cancelled, abandoned, processing, preapproval
### Server Environment ###
Hosting Provider: DBH: localhost, SRV: localhost
TLS Connection: Connection uses TLS 1.2
TLS Connection: Probably Okay
Server Info: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/7.0.18
PHP Version: 7.0.18
PHP Post Max Size: 8 MB
PHP Time Limit: 0
PHP Max Input Vars: 1000
PHP Max Upload Size: 2 MB
cURL Version: 7.51.0, OpenSSL/1.0.2j
SUHOSIN Installed: โ
Default Timezone is UTC: โ
fsockopen/cURL: โ
SoapClient: โ Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
DOMDocument: โ
gzip: โ
GD Graphics Library: โ
Multibyte String: โ
Remote Post: โ
Remote Get: โ
### Give Configuration ###
Give Version: 1.8.19
Database Updates: All DB Updates Completed.
Upgraded From: โ
Test Mode: Enabled
Currency Code: USD
Currency Position: Before
Decimal Separator: .
Thousands Separator: ,
Success Page: http://localhost/givefortest/18/donation-confirmation/
Failure Page: http://localhost/givefortest/18/donation-failed/
Donation History Page: http://localhost/givefortest/18/donation-history/
Give Forms Slug: /donations/
Enabled Payment Gateways: Test Donation, Offline Donation
Default Payment Gateway: Offline Donation
PayPal IPN Verification: Enabled
PayPal IPN Notifications: N/A
Admin Email Notifications: Enabled
Donor Email Access: Enabled
### Session Configuration ###
Give Use Sessions: Enabled
Session: Disabled
### Active Give Add-ons ###
Give - Stripe Gateway: โ Unlicensed โ by WordImpress โ 1.5.1
### Other Active Plugins ###
### Inactive Plugins ###
Akismet Anti-Spam: by Automattic โ 4.0.1
Give - Fee Recovery: by WordImpress โ 1.3.4
Hello Dolly: by Matt Mullenweg โ 1.6
### Theme ###
Name: Twenty Seventeen
Version: 1.4
Author URL: https://wordpress.org/
Child Theme: No โ If you're modifying Give on a parent theme you didn't build personally, then we recommend using a child theme. See: How to Create a Child Theme
The nonce should be renamed to donation_form_nonce and checked at form validation.
This Nonce should be used when changing the Country in the Billing Details Section
@emgk Create a general function for nonce validation which we can use anywhere in donation form processing.
function give_verify_donation_form_nonce(){}
Most helpful comment
@emgk Create a general function for nonce validation which we can use anywhere in donation form processing.