4 matches found
Unauthorized Data Access
Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento API...
Read private customer data reclaiming carts in Klaviyo Magento
A researcher identified an endpoint in a third-party module, Klaviyo Magento 2, which allows reading private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API...
GHSA-HVGW-GG3P-295J Read private customer data reclaiming carts in Klaviyo Magento
A researcher identified an endpoint in a third-party module, Klaviyo Magento 2, which allows reading private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API...
PT-2024-40329 · Klaviyo · Klaviyo Magento 2
Name of the Vulnerable Software and Affected Versions: Klaviyo Magento 2 (affected versions not specified). Description: A researcher discovered an issue in a third-party module that allows reading private customer data from stores. This is achieved by reclaiming any guest-cart as one's own and then...