2 matches found
CVE-2025-32378
Shopware CVE-2025-32378 affects Shopware open source platforms prior to 6.6.10.3 and 6.5.8.17, where default double-opt-in newsletter settings allow mass sign-ups without confirmation. With Newsletter: Double Opt-in active and related disabled options, anyone can register using any email and opt ...
CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...