We found a huge vulnerability which allows anyone with admin access to export details of each customer in one click. So anyone can export all the sensitive data of your customers or steal details to use for their personal favor. It's really important to make a fix as a security measure on GDPR policy.

As an idea to make it fixed, we would like to make this option available only to the owner of the account. Since not everyone could found this restriction quite comfortable, the most convenient way is to make a checkbox option which is available to the owner of the account and they could decide which role has access to export history details.