E-commerce: why 70% of online stores are vulnerable to privilege escalation
French e-commerce underestimates the risk
Flaw 1: Client-side price manipulation
If the price is sent from the frontend to the payment API, a user can change the amount before it is charged.
Flaw 2: Cross-customer order access
Sequential order IDs let anyone enumerate and view every customer's orders.
Flaw 3: Stock bypass
Negative quantities, simultaneous requests that race the stock check, and stock manipulation via the API.
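Flaws 1 to 3 share one root cause: the server trusts what the client sends. The following is an added defensive example, not code from CleanIssue or any of the platforms mentioned; it assumes a constructed in-memory catalog and order table standing in for a database, and a process-level lock standing in for a database transaction.

```python
import threading

# Constructed sample data standing in for the product catalog and order table.
CATALOG = {"sku-100": {"price_cents": 1999, "stock": 5}}
ORDERS = {1001: {"customer_id": "cust-a", "total_cents": 3998}}
_STOCK_LOCK = threading.Lock()  # stands in for a DB transaction (assumption)


class CheckoutError(Exception):
    pass


def price_order(items):
    """Flaw 1 and 3: compute the total from the server-side catalog only.

    `items` is what the client sent: {sku: quantity}. Any price field the
    client included is simply never read; quantities must be positive ints.
    """
    total = 0
    for sku, qty in items.items():
        product = CATALOG.get(sku)
        if product is None:
            raise CheckoutError(f"unknown sku {sku}")
        if type(qty) is not int or qty <= 0:  # rejects -1, 0, floats, bools
            raise CheckoutError(f"invalid quantity for {sku}")
        if qty > product["stock"]:
            raise CheckoutError(f"insufficient stock for {sku}")
        total += product["price_cents"] * qty
    return total


def reserve_stock(items):
    """Flaw 3: check and decrement stock atomically, for all items or none.

    Two concurrent checkouts cannot both pass the check for the last unit.
    """
    with _STOCK_LOCK:
        for sku, qty in items.items():
            if CATALOG[sku]["stock"] < qty:
                raise CheckoutError(f"insufficient stock for {sku}")
        for sku, qty in items.items():
            CATALOG[sku]["stock"] -= qty


def get_order(customer_id, order_id):
    """Flaw 2: return an order only if it belongs to the requesting customer."""
    order = ORDERS.get(order_id)
    if order is None or order["customer_id"] != customer_id:
        # Same answer for "not found" and "not yours", so IDs cannot be probed.
        raise CheckoutError("order not found")
    return order
```

The customer ID passed to `get_order` must come from the authenticated session, never from the request body.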
Flaw 4: Weak customer authentication
Predictable password reset, no 2FA, sessions that never expire.
Flaw 5: Vulnerable WooCommerce plugins
Plugins that add unauthenticated REST endpoints. We regularly find publicly reachable CSV export endpoints.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.