- Parameter tampering, a.k.a. price manipulation
- CSRF in adding items to or removing items from the victim's cart
- IDOR in adding items to or removing items from the victim's cart
- Increasing the value of a voucher to get higher discounts
- Adding multiple vouchers in the JSON table
- Add blind XSS payloads in the address fields; they might fire in the admin panel (some easy $$$)
- IDOR in cancelling the victim's ordered items
- CSRF to cancel the orders placed by the victim
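
The price, voucher-value and multiple-voucher items above all depend on the server trusting fields in the request body. The following is an added example, not part of the original list: a server-side pricing check that recomputes the total from its own data and accepts at most one voucher code. The catalogue, voucher store, JSON field names and function names are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed sample data: server-side catalogue and voucher store (hypothetical).
CATALOGUE = {"sku-1": Decimal("19.99"), "sku-2": Decimal("5.00")}
VOUCHERS = {"SAVE10": Decimal("0.10")}  # voucher code -> discount fraction


class RejectedOrder(ValueError):
    """Raised when the request body fails server-side validation."""


def price_order(body: dict) -> Decimal:
    """Compute the total from server-side data only.

    Client-supplied 'price', 'total' or 'discount' fields are never read.
    """
    items = body.get("items")
    if not isinstance(items, list) or not items:
        raise RejectedOrder("items must be a non-empty list")
    subtotal = Decimal("0")
    for item in items:
        if not isinstance(item, dict):
            raise RejectedOrder("each item must be an object")
        sku, qty = item.get("sku"), item.get("qty")
        if not isinstance(sku, str) or sku not in CATALOGUE:
            raise RejectedOrder("unknown sku")
        # bool is a subclass of int, so it is excluded explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
            raise RejectedOrder("qty must be an integer between 1 and 100")
        subtotal += CATALOGUE[sku] * qty

    voucher = body.get("voucher")
    discount = Decimal("0")
    if voucher is not None:
        # Exactly one code, as a string: a JSON array or object is rejected.
        if not isinstance(voucher, str) or voucher not in VOUCHERS:
            raise RejectedOrder("voucher must be a single valid code")
        discount = VOUCHERS[voucher]  # value comes from the store, not the request
    return (subtotal * (1 - discount)).quantize(Decimal("0.01"))


def is_rejected(body: dict) -> bool:
    """Return True when price_order refuses the request body."""
    try:
        price_order(body)
    except RejectedOrder:
        return True
    return False
```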