VYPR
Vendor

Shopperlabs

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2026-47744CriMay 29, 2026
    risk 0.57cvss 9.9epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page…

  • CVE-2026-47740HigMay 29, 2026
    risk 0.46cvss 8.1epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel,…

  • CVE-2026-47743higJun 5, 2026
    risk 0.38cvss epss 0.00

    ## Impact Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS: - **IDOR via unlocked properties.** Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without…

  • CVE-2026-47745MedMay 29, 2026
    risk 0.35cvss 6.5epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions (enable, disable, edit, delete) that were rendered for any authenticated panel user without checking the…

  • CVE-2026-47742MedMay 29, 2026
    risk 0.35cvss 6.5epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() method. Any authenticated panel user, regardless of role, could mutate any…

  • CVE-2026-47741MedMay 29, 2026
    risk 0.31cvss 5.9epss 0.00

    Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total_use counter. Under concurrent checkout pressure (Black Friday, flash sale, viral coupon), the…