Name of the Vulnerable Software and Affected Versions Klaviyo Magento 2 (affected versions not specified)

Description A researcher discovered an issue in a third-party module that allows reading private customer data from stores. This is achieved by reclaiming any guest-cart as one's own and then accessing the private data for orders through the Magento API. The endpoint in question enables this unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.