2 matches found
PT-2020-17101 · WordPress · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin versions prior to 4.7.0
Description: The issue allows remote attackers to view the status of arbitrary orders via the order id parameter in a fetch order status action. This could potentially expose sensitive information...
WordPress plugin WooCommerce Permissions, Privileges, and Access Control Vulnerability
WooCommerce is an open source WordPress e-commerce plugin. WooCommerce versions prior to 4.7.0 are vulnerable to a permissions and access control issue, which a remote attacker can exploit to view the status of any order via the orderid parameter in the fetchorderstatus operation...