PT-2026-44945 · Shopper · Shopper
Baradika · Published 2026-05-29 · Updated 2026-05-29 · CVE-2026-47745
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Shopper versions prior to 2.8.0
Description
In the admin tables for PaymentMethods, Currencies, and Carriers, inline toggles and per-record actions such as enable, disable, edit, and delete are rendered for any authenticated panel user without verifying the required per-action permissions. This allows a low-privilege user to disable all payment methods, alter or disable the default currency, or disable carriers, resulting in a complete denial of the checkout process and loss of pricing integrity.
Recommendations
Update to version 2.8.0.
Fix
Missing Authorization
Affected Products
Shopper