2 matches found
EUVD-2025-197968
The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to display recent order...
Judge.me : IDOR: leak buyer info & Publish/Hide foreign comments
HI @judgeme! I noticed that the attacker can learn email users who left feedback at the time of buying. Step to reproduce: 1. Login to our store and install your 'Checkout Comments' addon 2. Make fake order in or store and write a comment ███ 3. Then go to our Shopify...