Rapid7 Finds Security Vulnerability In Ecommerce Plugin, Yopify

By ISBuzz Team
Writer, Information Security Buzz | Jun 01, 2017 12:00 am PST

Rapid7 has disclosed a vulnerability in Yopify, an ecommerce notification plugin utilised by a number of websites including Shopify, that indirectly leaks the first name, last initial, city and purchase data of recent online shoppers, all without user authorisation. The various plugin sites show over 300 reviews of Yopify, which suggests that the number of exploitable sites is at least in the hundreds, and perhaps thousands.

While seemingly harmless at first glance, this personal shopper data can be used by hackers to infer parts of customers’ identities, making them vulnerable to personal information breaches, blackmail and even violence.

You can find the full vulnerability report here: https://community.rapid7.com/community/infosec/blog/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211
