Unpublish and Deleted product can be checkout in microweber/microweber


Reported on

May 23rd 2023


Step 1: User add product to cart

Step 2: Admin go to Shop > Products: Unpublish product and Delete product

Step 3: User go to cart page and checkout product successfully


Unpublish and Deleted product can be checkout

We are processing your report and will contact the microweber team within 24 hours. 9 months ago
lujiefsi modified the report
9 months ago
We have contacted a member of the microweber team and are waiting to hear back 9 months ago
9 months ago


if poc video is needed, we can provide one

Peter Ivanov modified the Severity from High (8.8) to Medium (5.9) 9 months ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Peter Ivanov validated this vulnerability 9 months ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Peter Ivanov marked this as fixed in 2.0 with commit eee0c6 9 months ago
Peter Ivanov has been awarded the fix bounty
This vulnerability has now been published 3 months ago
to join this conversation