Anyone logged in can download anyone's message/notifications attachments


marirs

Greetings to all!

I would love to report a potential data leak/customer data leak or even customer data stealing, etc. here. How Fiverr classifies it could be different, but this is something serious Fiverr should perhaps look into and fix.

Any attachment that the customer communicates to the seller or vice versa, and any attachments (specifically rar/zips, etc.) that are delivered by the seller under Notifications:

  • If I copy the link and give it to someone else on Fiverr, and that “someone else” is logged into Fiverr, he/she can download that file/attachment

Long story short: if USER-A has links of USER-B and USER-A is logged in, then USER-B’s files can be downloaded by USER-A

Scenarios:

  • Let's say you are in an environment where your internet activity is monitored by in-house/commercial security tools, and every link/URL gets monitored.
  • Let's say someone accidentally gets hold of someone's delivery link
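The gap described in the post above (login is checked, ownership is not), sketched next to a hardened handler. This is an added example, not part of the original post and not Fiverr's code; the handler names, user IDs, attachment ID and in-memory store are all hypothetical and constructed for illustration.

```python
# Added illustration: hypothetical handlers and constructed data, not Fiverr's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Attachment:
    attachment_id: str
    participants: frozenset  # user IDs of the buyer and seller on the conversation

# Constructed sample store: one delivery exchanged between user_b and seller_s.
ATTACHMENTS = {
    "att-1001": Attachment("att-1001", frozenset({"user_b", "seller_s"})),
}

DENIED_LOG = []  # (user, attachment_id) pairs kept for detection and review


def download_login_only(session_user, attachment_id):
    """Behaviour the post describes: any authenticated session is served."""
    if session_user is None:
        return 401
    if attachment_id not in ATTACHMENTS:
        return 404
    return 200  # no check that session_user belongs to the conversation


def download_with_participant_check(session_user, attachment_id):
    """Hardened form: the requester must be a participant of the conversation."""
    if session_user is None:
        return 401
    attachment = ATTACHMENTS.get(attachment_id)
    if attachment is None:
        return 404
    if session_user not in attachment.participants:
        # Record the attempt, then answer as if the file did not exist so the
        # response does not confirm that the attachment ID is valid.
        DENIED_LOG.append((session_user, attachment_id))
        return 404
    return 200


if __name__ == "__main__":
    for user in ("user_b", "user_a", None):
        print(user,
              download_login_only(user, "att-1001"),
              download_with_participant_check(user, "att-1001"))
```

With the participant check in place, a link that ends up in proxy logs or is forwarded by accident is of no use to a different logged-in account, and each such attempt leaves an entry in `DENIED_LOG`.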

Archived

This topic is now archived and is closed to further replies.
