MAL-2026-1844 Malicious code in shopify-ping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898 The package shopify-ping-web was found to contain malicious code...

Malicious code in shopify-ping-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f10efaec7ccae41168b3bcbce9874ddfa9fb6d806c9e55029549efe82f9898 The package shopify-ping-web was found to contain malicious code...

Malicious code in shopify-ping (npm)

The package shopify-ping was found to contain malicious code...

MAL-2025-33135 Malicious code in shopify-ping (npm)

The package shopify-ping was found to contain malicious code...

Shopify: [Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image

Hello Shopify, when testing Shopify Ping share image function, I discovered an Amazon S3 bucket which has public access which allows an attacker to view all the image of other merchant & users. Steps To Reproduce: 1. Install Shopify Ping on your phone then enable Shopify Chat for your store. 2. G...

Shopify: Low privileged user can create high privileged user's KITCRM authorization token and can read and write message to KIT

Using the Shopify ping application a user can communicate with the kit. The kit is an application that creates tasks based on the information supplied through the Shopify ping app by a user. With a few quick messages to Kit using Shopify Ping, a user can create a discount code and promote it, sta...