VYPR
Vendor

Hikashop

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2025-22210HigFeb 25, 2025
    risk 0.47cvss 7.2epss 0.00

    A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.

  • CVE-2025-25225MedMar 15, 2025
    risk 0.42cvss 6.5epss 0.00

    A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.

  • CVE-2024-40746MedOct 21, 2024
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description…