📦 Spree

A critical IDOR vulnerability in Spree Commerce allows guest users to manipulate address ID parameters during checkout, bypassing ownership validation. This enables unauthorized access to other guests...

Unauthenticated users can view completed guest orders by Order ID in Spree e-commerce platform, potentially exposing guest user PII including names, addresses, and phone numbers. This affects all Spre...