EUVD-2017-12332

Malware in sbrugna...

CVE-2017-3211

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization...

CVE-2017-3211

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization...

Authorization

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization...

CVE-2017-3211 Centire Yopify leaks customer information

Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization...

CVE-2017-3211

CVE-2017-3211 involves Yopify, a customer-notification plugin, leaking PII (first name, last initial, city, and recent purchases) without user authorization. Connected docs confirm the root cause: the plugin loads a JSON blob containing user data via a site-specific API key, exposing data to any ...

R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure

This post describes a vulnerability in Yopify a plugin for various popular e-commerce platforms, as well as remediation steps that have been taken. Yopify leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization. This poses a significant...

Privacy Issue Fixed in Yopify Ecommerce Notification Plugin

A plugin used by a number of popular ecommerce platforms has an over-sharing problem. Yopify, which provides popup notifications about the last 50 purchases made on a site for Shopify, BigCommerce and other platforms, leaks a significant amount of customers’ personal information to a determined...