Medium severity6.5NVD Advisory· Published May 29, 2026· Updated May 29, 2026
CVE-2026-47745
CVE-2026-47745
Description
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticated panel user without checking the corresponding per-action permission. A low-privilege user could disable every payment method on the store, disable or alter the default currency, or disable carriers. The impact is a full denial of checkout and pricing integrity loss, reachable by any authenticated user. This vulnerability is fixed in 2.8.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shopper/frameworkPackagist | < 2.8.0 | 2.8.0 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.