WooCommerce - excelling eCommerce
woocommerce v1.6.6 - security concern/question (1 post)

  1. rcain
    Member
    Posted 1 year ago #

    whilst evaluating WooCommerce v1.6.6 (latest) (+ wp 3.4.2) using pretty much default setup (login not required to purchase) - i noticed that customer details and order details are accessible in plain sight.

    eg: on url such as:

    http://mysite.co.uk/checkout/order-received?order=10793&key=order_50ea49c3399e7

    - without having to login or maintain cookie.

    although obviously there's a fairly low likelihood of hitting such a url by accident/chance, it probably wouldn't take much of a brute force effort to scan for such active urls and harvest lots of personal data.

    could someone please advise whether there are ways to tighten this up?
    (either via setup/config, allowing only logged in users to view such pages, whatever).

    seems to me like a bit of a security hole.

    thanks for any feedback/recommendations.

    http://wordpress.org/extend/plugins/woocommerce/
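
The access check the question asks about, as an added example that is not part of the original post and is not WooCommerce or WordPress code. It is plain PHP; the function names, the `$order` array layout and the one-hour guest window are assumptions made for illustration.

```php
<?php
// Added illustration: plain PHP, no WordPress or WooCommerce APIs.
// All function names and the $order array layout are hypothetical.

// Generate an order key from the OS CSPRNG: 16 random bytes = 128 bits,
// so scanning URLs for a valid key is not practical.
function new_order_key(): string
{
    return 'order_' . bin2hex(random_bytes(16));
}

// Decide whether the order-received page may show details for this request.
// $order: ['id' => int, 'key' => string, 'customer_id' => int (0 = guest), 'created' => int]
function can_view_order(array $order, int $reqId, string $reqKey,
                        int $currentUserId, int $now, int $guestTtl = 3600): bool
{
    // The id and key must both match; hash_equals() compares in constant time.
    if ($order['id'] !== $reqId || !hash_equals($order['key'], $reqKey)) {
        return false;
    }
    // Orders placed by an account are shown only to that logged-in account.
    if ($order['customer_id'] !== 0) {
        return $currentUserId === $order['customer_id'];
    }
    // Guest orders: the key is the only credential, so the link expires.
    return ($now - $order['created']) <= $guestTtl;
}

// Constructed sample data.
$now    = 1700000000;
$guest  = ['id' => 101, 'key' => new_order_key(), 'customer_id' => 0, 'created' => $now - 600];
$member = ['id' => 102, 'key' => new_order_key(), 'customer_id' => 7, 'created' => $now - 600];

var_dump(can_view_order($guest, 101, $guest['key'], 0, $now));          // valid guest link
var_dump(can_view_order($guest, 101, 'order_50ea49c3399e7', 0, $now));  // wrong key
var_dump(can_view_order($guest, 101, $guest['key'], 0, $now + 7200));   // guest link expired
var_dump(can_view_order($member, 102, $member['key'], 0, $now));        // account order, not logged in
var_dump(can_view_order($member, 102, $member['key'], 7, $now));        // account order, owner logged in
```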

Topic Closed

This topic has been closed to new replies.