security issues
-
Using the redirect with your shortcode is insecure: the user can change the url and get the details of all of the orders made on the same shop.
the original woocommerce thank you page uses an extra parameter “key” in the url that you should pass in the redirect and verify against order meta “_order_key”
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
The topic ‘security issues’ is closed to new replies.
