CVE-2025-47272

Name of the Vulnerable Software and Affected Versions CE Phoenix eCommerce platform versions 1.0.9.7 through 1.1.0.3

Description The issue allows logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption.

Recommendations For versions 1.0.9.7 through 1.1.0.3, update to version 1.1.0.3 to resolve the issue. As a temporary workaround, consider restricting access to account deletion functionality until the patch is applied.