WooCommerce Email Test 1.5 - Order Information Disclosure
When this plugin is installed, any anonymous user can open the URL https://www.domainname.de/?woocommerce_email_test=WC_Email_Customer_Completed_Order, which shows the last (most recent) order along with all customer details, email address and cart content. This is a severe security and data privacy breach and is unlawful in (at least) Germany.
|Proof of Concept||Replace "domainname" with a domain to be tested: https://www.domainname.de/?woocommerce_email_test=WC_Email_Customer_Completed_Order|
|Fixed in||Version 1.6|
|Publicly Published||2016-12-08 (2 months ago)|
|Added||2016-12-09 (2 months ago)|
|Last Updated||2016-12-21 (2 months ago)|
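To check whether the preview URL described above has been requested on a site, the following added example (not part of the original advisory or the plugin) scans web server access logs for the `woocommerce_email_test` parameter. It assumes Combined Log Format; the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "woocommerce_email_test"  # query parameter named in the advisory

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Dec/2016:10:15:32 +0100] "GET /?woocommerce_email_test=WC_Email_Customer_Completed_Order HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [08/Dec/2016:10:16:01 +0100] "GET /shop/?orderby=price HTTP/1.1" 200 30122 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [08/Dec/2016:10:17:44 +0100] "GET /?woocommerce%5Femail%5Ftest=WC_Email_Customer_Completed_Order HTTP/1.1" 200 48190 "-" "curl/7.50"',
    '192.0.2.10 - - [21/Dec/2016:09:02:11 +0100] "GET /?woocommerce_email_test=WC_Email_Customer_Completed_Order HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
]

def find_preview_requests(lines):
    """Return one dict per logged request that carries the email-test parameter."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not parsable access-log entries
        # parse_qs percent-decodes parameter names, so an encoded form
        # such as woocommerce%5Femail%5Ftest is matched as well.
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if PARAM not in query:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "email_class": query[PARAM][0],
            "status": int(m["status"]),
            # A 200 means a page was returned; on version 1.5 that page
            # can contain the most recent order, so review these first.
            "served": m["status"] == "200",
        })
    return hits

if __name__ == "__main__":
    for hit in find_preview_requests(SAMPLE_LOG):
        print(hit)
```

Access logs do not show whether the requester was a logged-in administrator, so hits with `served` set need to be compared against known admin activity before being treated as a disclosure.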
Copyright & License
|Copyright||All data and resources contained within this page and this web site is Copyright © The WPScan Team.|
|License||Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.|