NO BUG: View Order - Permissions

Browser: Chrome 110
OS: any


I found a problem in the new account builder, more specifically in the “Account - View order” widget.
Basically when I access an order via the url I can see the details regardless of whether the order is mine or not.
To me it doesn’t make sense that we can see orders from other users.

Best regards.

Hi Diogo,
Thanks so much for your report!

I assume that you are logged in as admin? Then it is understandable that you can see every order. However, if you are logged in as a regular customer or e.g. an editor account, you cannot. If you are not logged in at all and go to the URL, you won’t see anything either.

This is the default WooCommerce behavior that you will experience with any other theme. Accordingly, it is not a bug.

Best regards,

I tried to open it with a Customer user and it still opens the order.
I did a fresh installation with the Twenty Twenty-Two theme and woocommerce and the same process prevents this from happening.

Screenshot without bricks:

Screenshot with bricks and without a template:

Screenshot with bricks and a template using widget “Account - View order”:

I still think this is a bug. Can you check again?

Best Regards.

I still cannot reproduce the problem. Would you be so kind as to send temporary login credentials and a link to this thread to using the email address you used during the purchase?