Hi,
I have big security problem.
If I login to my account, I can see orders history. I can click on orders and I can see detail. Url:
xxx.xx/order?order_number=1000
But If I rewrite url to any random exist order number, I can see it too! I can see all orders that was create without registration - THIS IS PROBLEM, I see users informations. If order created registered and loged user, access is denied - CORRECT.
Can you help me, how set order history? Every user must see only his orders.
Thank you very much.
VM version etc
Joomla 3.8.2, VirtueMart 3.0.18
Every user sees only his orders, but the administrator can see everyone. I do not see what a problem that can be.