Email Verification Bypass

Guest Order → Order History Leak (Email Reuse)

Prereq:
- Guest checkout enabled
- No email verification (or bypass)

Steps:
1) Place Guest order with email = test@domain.com
2) Sign up account with same email
3) Open Order History

Vuln:
- Guest order appears in new account → PII/order details exposed

PreviousRegistration Feature Testing NextForgot Password

Last updated 1 month ago

hashtagGuest Order → Order History Leak (Email Reuse)

Guest Order → Order History Leak (Email Reuse)