2 matches found
CVE-2017-3211
CVE-2017-3211 involves Yopify, a customer-notification plugin, leaking PII (first name, last initial, city, and recent purchases) without user authorization. Connected docs confirm the root cause: the plugin loads a JSON blob containing user data via a site-specific API key, exposing data to any ...
Privacy Issue Fixed in Yopify Ecommerce Notification Plugin
A plugin used by a number of popular ecommerce platforms has an over-sharing problem. Yopify, which provides popup notifications about the last 50 purchases made on a site for Shopify, BigCommerce and other platforms, leaks a significant amount of customers’ personal information to a determined...