First published: Wed May 15 2024
A researcher identified an endpoint in the third-party module Klaviyo Magento 2 that allows private customer data to be read from stores. It works by reclaiming any guest cart as your own and reading the private data for the orders in the Magento API.
Affected Software | Affected Version | How to fix |
---|---|---|
composer/klaviyo/magento2-extension | >=1.0.0 <3.0.0 | 3.0.0 |
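
To check whether a store's pinned dependencies fall inside the affected range in the table above, the following added example (not code from the advisory or from the Klaviyo project) reads a `composer.lock` and classifies the installed `klaviyo/magento2-extension` version. The status names and the embedded sample lock file are constructed for illustration; versions that are not plain releases are reported as `unknown` for manual review.

```python
import json
import re
import sys

PACKAGE = "klaviyo/magento2-extension"  # package name from the advisory table
FIRST_AFFECTED = (1, 0, 0)              # lower bound of the range: >=1.0.0
FIRST_FIXED = (3, 0, 0)                 # upper bound of the range: <3.0.0

# Constructed sample lock file (not taken from a real store).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "magento/framework", "version": "103.0.7"},
        {"name": "klaviyo/magento2-extension", "version": "2.1.0"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Return (major, minor, patch) for a plain release such as '2.1.0' or
    'v2.1.0'; return None for branches or pre-releases ('dev-master',
    '3.0.0-beta1'), which cannot be compared safely here."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Classify composer.lock content as 'affected', 'not-affected',
    'unknown' or 'not-installed' with respect to the advisory's range."""
    lock = json.loads(lock_text)
    # Composer records runtime and dev dependencies in separate arrays.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                return "unknown"
            if FIRST_AFFECTED <= version < FIRST_FIXED:
                return "affected"
            return "not-affected"
    return "not-installed"


if __name__ == "__main__":
    # Pass a path to composer.lock, or run without arguments for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print(f"{PACKAGE}: {check_lock(text)}")
```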