shopper/framework
Packagist5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting shopper/frameworkpage 1 of 1
- CVE-2026-47740HIGHCVSS 8.1EG 8.1✓ Fixed in 2.8.02026-05-29
vulnerable: v2.0.0 ... v2.7.3 (59 versions)
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orde…
- CVE-2026-47742MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.8.02026-05-29
vulnerable: v2.0.0 ... v2.7.3 (59 versions)
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() method. Any authenticated panel user, regar…
- CVE-2026-47743HIGHCVSS 8.7EG 8.7✓ Fixed in 2.8.02026-06-05
vulnerable: v2.0.0 ... v2.7.3 (59 versions)
Shopper: Multiple data integrity and disclosure issues in admin Livewire components ## Impact Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS: - **IDOR via unlocked pr…
- CVE-2026-47744CRITICALCVSS 9.9EG 9.9✓ Fixed in 2.8.02026-05-29
vulnerable: v2.0.0 ... v2.7.3 (59 versions)
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any …
- CVE-2026-47745MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.8.02026-05-29
vulnerable: v2.0.0 ... v2.7.3 (59 versions)
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticat…
Check whether shopper/framework is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for shopper/framework CVEs against the assets you own.
Start Free Scan →