• Resolved markisu72

    (@markisu72)


    Hi,

    I just stumbled upon two empty orders without any content, no address, nothing…

    The attacker used direct Ajax calls like ?wc-ajax=ppc-create-order / ?wc-ajax=ppc-approve-order to create and confirm orders directly.

    As a result, orders were created and confirmed, reducing stock.

    I wonder how this is possible in the first place and how I can harden the system against attacks like this.

    Thanks

    Markus
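A log check for the requests described in the post above, as an added example that is not part of the original thread or of the plugin's code: it flags clients that call `?wc-ajax=ppc-create-order` or `?wc-ajax=ppc-approve-order` without a recent storefront page view. The combined log format, the `/cart`, `/checkout` and `/product` paths, the 30-minute window and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (not taken from the post).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /?wc-ajax=ppc-create-order HTTP/1.1" 200 112 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /?wc-ajax=ppc-approve-order HTTP/1.1" 200 98 "-" "python-requests/2.31"
198.51.100.4 - - [12/Mar/2024:10:05:10 +0000] "GET /cart/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] "GET /checkout/ HTTP/1.1" 200 30210 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:06:15 +0000] "POST /?wc-ajax=ppc-create-order HTTP/1.1" 200 120 "https://shop.example/checkout/" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:06:30 +0000] "POST /?wc-ajax=ppc-approve-order HTTP/1.1" 200 101 "https://shop.example/checkout/" "Mozilla/5.0"
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The two endpoints named in the post.
AJAX = re.compile(r'[?&]wc-ajax=(ppc-create-order|ppc-approve-order)(?:&|$)')
# Assumed storefront paths where a real shopper would see the payment button.
STORE_PAGES = ("/cart", "/checkout", "/product")


def find_direct_ajax_orders(log_text, window=timedelta(minutes=30)):
    """Return {ip: [(timestamp, endpoint), ...]} for order calls with no
    storefront page view from the same client inside `window`."""
    last_page = {}            # ip -> time of most recent storefront GET
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue          # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        ajax = AJAX.search(path)
        if ajax:
            seen = last_page.get(ip)
            if seen is None or ts - seen > window:
                hits[ip].append((ts.isoformat(), ajax.group(1)))
        elif m["method"] == "GET" and path.split("?")[0].startswith(STORE_PAGES):
            last_page[ip] = ts
    return dict(hits)


if __name__ == "__main__":
    for ip, calls in find_direct_ajax_orders(SAMPLE_LOG).items():
        print(ip, calls)
```

Client IP is only a rough stand-in for a session (shared NAT, proxies), so treat a hit as a lead to compare against the order timestamps, not as proof.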

Viewing 1 replies (of 1 total)

The topic ‘Attack vector for hacking/ill-intented orders’ is closed to new replies.