When submitting orders through the API, WooCommerce does not check that the customer_id field is, in fact, the currently logged-in user. This could be exploited to brute-force the database, or spam the system with false orders. Is there a way to hook into this functionality and check the case manually?

Additionally, is there a guide to hardening the WooCommerce API? Many of these routes should be blocked and I'm wondering if there's a complete guide to doing so.

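One way to add the ownership check the question asks about, as an added example that is not part of the original post and not WooCommerce's own code. It assumes the `woocommerce_rest_pre_insert_shop_order_object` filter of the REST orders controller, that users with the `manage_woocommerce` capability may legitimately create orders for any customer, and a hypothetical function name `example_enforce_order_owner`.

```php
<?php
/**
 * Added example: reject REST order writes whose customer_id does not match
 * the authenticated user. With API-key authentication the "current user"
 * is the owner of the key.
 */
add_filter( 'woocommerce_rest_pre_insert_shop_order_object', 'example_enforce_order_owner', 10, 3 );

function example_enforce_order_owner( $order, $request, $creating ) {
    // Pass through errors raised earlier in the pipeline.
    if ( is_wp_error( $order ) ) {
        return $order;
    }

    // Assumption: shop managers and admins may assign orders to anyone.
    if ( current_user_can( 'manage_woocommerce' ) ) {
        return $order;
    }

    $current_user_id = get_current_user_id();           // 0 when unauthenticated
    $claimed_id      = (int) $order->get_customer_id(); // value taken from the request

    if ( 0 === $current_user_id || $claimed_id !== $current_user_id ) {
        // Leave a trail for detection: repeated mismatches from one account
        // are a sign of customer_id enumeration or order spam.
        error_log( sprintf(
            'REST order rejected: user %d submitted customer_id %d (%s)',
            $current_user_id,
            $claimed_id,
            $creating ? 'create' : 'update'
        ) );

        return new WP_Error(
            'example_rest_customer_mismatch',
            'customer_id must match the authenticated user.',
            array( 'status' => 403 )
        );
    }

    return $order;
}
```

With this filter in place, a non-privileged caller also cannot submit guest orders (customer_id 0) through the REST API; relax that branch if guest orders are required.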