2 matches found
CVE-2026-31820 Sylius affected by IDOR in Cart and Checkout LiveComponents
Sylius is an Open Source eCommerce Framework on Symfony. An authenticated Insecure Direct Object Reference (IDOR) vulnerability exists in multiple shop LiveComponents due to unvalidated resource IDs accepted via LiveArg parameters. Unlike props, which are protected by LiveComponent's @checksum, arg...
PT-2025-45080
Name of the Vulnerable Software and Affected Versions: FunnelKit WordPress plugin versions prior to 3.12.0.1. Description: The software does not properly sanitize user-provided data before displaying it in certain checkout-related AJAX operations. This can allow attackers to execute reflected...