Unpublish and Deleted product can be checkout in microweber/microweber

Valid

Reported on

May 23rd 2023


Description

Step 1: User add product to cart

Step 2: Admin go to Shop > Products: Unpublish product and Delete product

Step 3: User go to cart page and checkout product successfully

Impact

Unpublish and Deleted product can be checkout

We are processing your report and will contact the microweber team within 24 hours. 9 months ago
lujiefsi modified the report
9 months ago
We have contacted a member of the microweber team and are waiting to hear back 9 months ago
lujiefsi
9 months ago

Researcher


if poc video is needed, we can provide one

Peter Ivanov modified the Severity from High (8.8) to Medium (5.9) 9 months ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Peter Ivanov validated this vulnerability 9 months ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Peter Ivanov marked this as fixed in 2.0 with commit eee0c6 9 months ago
Peter Ivanov has been awarded the fix bounty
This vulnerability has now been published 3 months ago
to join this conversation