A critical vulnerability (CVE-2026-47744) has been found in the Shopper Laravel e-commerce platform, allowing unauthorized access to online store admin panels with a CVSS score of 9.9. The flaw involves an authorization bypass in the settings, which could lead to privilege escalation, enabling low-privilege users to manage roles and delete legitimate administrators. A patch (v2.8.0) has been released to address this issue, requiring immediate updates to secure online stores.
CVE-2026-47744 flaw lets attackers hijack Laravel Shopper admin
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT