whilst evaluating WooCommerce v1.6.6 (lattest) (+ wp 3.4.2) using pretty much default setup (login not required to purchase) - i noticed that customer details and order details are accessible in plain sight.
eg: on url such as:
- without having to login or maintain cookie.
although obviously there's a fairly low likelyhood of hitting such a url by accident/chance, it probably wouldnt take much of a brute force effort to scan for such active url's and harvest lots of personal data.
could someone please advise whether there are ways to tighten this up?
(either via setup/config, allowing only logged in users to view such pages, whatever).
seems to me like a bit of a security hole.
thanks for any feedback/recommendations.