Beafn28

**Name of the Vulnerable Software and Affected Versions** nopCommerce versions prior to 4.80.3 **Description** The software does not invalidate session cookies after logout or session termination. This allows an attacker with a valid session cookie to access privileged endpoints, such as '/admin', even after the legitimate user has logged out, potentially enabling session hijacking. Approximately 40.8k instances are exposed. The issue allows attackers to reuse expired session cookies due to a logout flaw, potentially leading to account hijacking, including administrative access. **Recommendations** Versions prior to 4.80.3 should be updated to version 4.80.3 or later.