26 Apr Edited #1

Current location on profile leaks order ID

Ultimate subscriber
On profiles when hovering over the link:
Status: Online (Unknown Location @ 00:00 AM)

The action and order ID is displayed in the URL.

This should not be shown and it should not be an unknown location.

When clicking on the link it displays own data when an item is added to the cart. Otherwise it displays "The items you are trying to purchase cannot be found."
Shade 26 Apr
#2
The order can be seen only by the user who made it, so even if you have an user’s order ID you cannot alter its course. I agree it should be hidden, but this does not pose any security risk whatsoever.