CVE-2025-51605

Name of the Vulnerable Software and Affected Versions: Shopizer version 3.2.7

Description: The server’s Cross-Origin Resource Sharing (CORS) implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.