All 6 CVE vulnerabilities found in shopper, with AI-generated Chinese analysis, references, and POCs.
Vendor: shopperdotcom
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-47740 | Shopper: Authorization bypass in multiple Livewire admin components CWE-285 | 8.1 | High | 2026-05-29 |
| CVE-2026-47741 | Shopper: Race condition on Discount.usage_limit allows silent over-redemption CWE-362 | 5.9 | Medium | 2026-05-29 |
| CVE-2026-47742 | Shopper: Missing authorization on Product admin Livewire sub-form components CWE-862 | 6.5 | Medium | 2026-05-29 |
| CVE-2026-47744 | Shopper: Authorization bypass and RBAC privilege escalation in team settings CWE-269 | 9.9 | Critical | 2026-05-29 |
| CVE-2026-47745 | Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables CWE-862 | 6.5 | Medium | 2026-05-29 |
| CVE-2025-31534 | WordPress Shopper plugin <= 3.2.5 - SQL Injection vulnerability CWE-89 | 9.3 | Critical | 2025-04-01 |
All 6 known CVE vulnerabilities affecting shopper with full Chinese analysis, references, and POCs where available.