Lucene search
K

4 matches found

OSV
OSV
added 2026/06/05 8:34 p.m.10 views

GHSA-FXQW-97CC-7G5C Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables

Impact The admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action permission. A low-privilege user could: - Disable every...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 5:55 p.m.34 views

CVE-2026-47745 Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...

6.5CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:55 p.m.8 views

CVE-2026-47745

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...

6.5CVSS5.9AI score0.00221EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44945

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description In the admin tables for PaymentMethods, Currencies, and Carriers, inline toggles and per-record actions such as enable, disable, edit, and delete are rendered for any authenticated panel user without...

6.5CVSS5.4AI score0.00221EPSS
Exploits0References7
Rows per page
Query Builder