Customers seeing other people's WC orders & can access admin dashboard!?
Hi,
A little forewarning: I’ve been experiencing an issue with my site where when I log into wp-admin, I sometimes get redirected to /my-account with no access to the admin dashboard. I’ve found a temporary fix for this by locating the wp_usermeta table in phpMyAdmin and changing the wp_capabilities and wp_user_level fields from a:1:{s:8:"customer";b:1;} and 1 to a:1:{s:13:"administrator";b:1;} and 10 respectively. This grants me access to the dashboard. However, the original values (customer & 1) soon return after a day or 2, requiring me to do this process every time I want to log in.
Fast forward to today…
I’ve had a customer of my website contact me saying they’ve logged into their customer account and can see 3 other people's WooCommerce orders on their account and that they can see the WordPress Admin dashboard!?
Upon inspecting ‘my orders’ on the admin account, I can see the same 3 orders. After inspecting the order details of each order, I can see the customer assigned to each of these 3 orders is myself (admin) yet I didn’t place these orders?
This must mean the customers who placed these orders are somehow accessing the admin account and unknowingly placing their order on the admin account?
I have a feeling it’s something to do with the wp_capabilities and wp_user_level reverting back to {s:8:"customer";b:1;} and 1 thus giving customers access to wp-admin who are then placing orders on that account hence why the customer assigned to the 3 orders in question is myself.
I understand this is likely a plugin compatibility issue but because the wp_capabilities and wp_user_level fields change sporadically, I have no way of telling which plugin is the culprit.
Here is a list of all my installed plugins:
all-in-one-wp-migration
antispam-bee
classic-editor
code-snippets
coming-soon
contact-form-7
contact-form-7-simple-recaptcha
dt_woocommerce_page_builder
enavato-market
et-core-plugin
feefo-ratings
instagram-feed
js_composer
litespeed-cache
mpc-massive
optimole-wp
print-invoices-packing-slip-label-for-woocommerce
really-simple-ssl
revslider
simple-sitemap
tinymce-advanced
trust-payments-gateway-3ds2
user-role-editor
wc-product-subtitle
woocommerce
woocommerce-paypal-payments
woocommerce-pdf-invoices
wordfence
wordpress-seo
wp-popups-lite
yikes-inc-easy-custom-woocommerce-product-tabs
Has anyone experienced similar issues whilst having any of the above plugins installed on their site?
Thanks,
Ellis
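As an added example that is not part of the original post: a read-only audit of the two wp_usermeta fields described above, run over constructed sample rows, that flags accounts holding the administrator role unexpectedly and rows where role and user level disagree. The `wp_` prefix, the user IDs and the `expected_admins` allowlist are assumptions, as is the rule that only the administrator role pairs with user level 10 (true for default roles, not necessarily for custom ones).

```python
import re
# Constructed sample rows (user_id, meta_key, meta_value), shaped like an
# export of wp_usermeta. The "wp_" table prefix and all user IDs are assumed.
SAMPLE_ROWS = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (1, "wp_user_level", "10"),
    (2, "wp_capabilities", 'a:1:{s:8:"customer";b:1;}'),
    (2, "wp_user_level", "1"),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (3, "wp_user_level", "1"),
    (4, "wp_capabilities", 'a:1:{s:8:"customer";b:1;}'),
    (4, "wp_user_level", "10"),
]
ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')

def parse_roles(value):
    """Return the roles enabled in a serialized wp_capabilities array."""
    outer = re.fullmatch(r"a:(\d+):\{(.*)\}", value)
    if not outer:
        raise ValueError("not a serialized role array: %r" % value)
    entries = ENTRY.findall(outer.group(2))
    rebuilt = "".join('s:%s:"%s";b:%s;' % e for e in entries)
    # Reject junk, a wrong element count or a wrong byte length (bad edit).
    if (rebuilt != outer.group(2) or len(entries) != int(outer.group(1))
            or any(int(n) != len(r.encode()) for n, r, _ in entries)):
        raise ValueError("malformed role array: %r" % value)
    return {role for _, role, on in entries if on == "1"}

def audit(rows, expected_admins):
    """Return (user_id, finding) pairs for accounts that need review."""
    roles, levels, findings = {}, {}, []
    for user_id, key, value in rows:
        if key == "wp_capabilities":
            roles[user_id] = parse_roles(value)
        elif key == "wp_user_level":
            levels[user_id] = int(value)
    for user_id in sorted(roles):
        is_admin = "administrator" in roles[user_id]
        level = levels.get(user_id)
        if is_admin and user_id not in expected_admins:
            findings.append((user_id, "unexpected administrator"))
        # Assumes only the administrator role maps to level 10 (default roles).
        if is_admin != (level == 10):
            findings.append((user_id, "role/level mismatch (level %s)" % level))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS, expected_admins={1}):
        print(finding)
```

Running the same audit on exports taken on different days shows which account's role changed and when, which narrows down what was active on the site at the time.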