CVE-2014-9025

The default checkout completion rule in the commerceorder module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors...

DRUPAL-CONTRIB-2021-032

This module provides a system for building an ecommerce solution in their Drupal site. The module doesn't sufficiently verify access to profile data in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have permission to perform the checkout operation...