CVSS 8.7 HIGH Vulnerability

CVE-2026-47743: Shopper: Multiple data integrity and disclosure issues in admin Livewire components


CVSS Score: 8.7
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-47743
Vendor: composer
Affected Product: shopper/framework
Vulnerability Type: Vulnerability
CVSS Score: 8.7 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Impact

Three related defects on admin Livewire components allowed data tampering, sensitive data disclosure, and stored XSS:

- IDOR via unlocked properties. Several Livewire components in the admin panel exposed Eloquent model identifiers as public properties without the #[Locked] attribute. An authenticated user could rewrite the wire payload from the browser to target any record id, bypassing the implicit scoping enforced by the page routing.

- Sensitive data echoed back through Hidden form field. Customers/Create::store() re-passed a Hidden _password form field straight into the create payload. The plaintext password was rendered into the HTML and transported through the Livewire snapshot in clear text, exposing credentials in the page DOM and in any logging that capt
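The unlocked-property item above, as an added example that is not taken from shopper/framework: a Livewire 3 component that keeps a model id in an ordinary public property, next to a version that locks the id and re-checks authorization inside the action. The Customer model, both component names and the 'update' policy ability are assumptions made for illustration.

```php
<?php
// Added illustration, not shopper/framework code. Customer, both component
// names and the 'update' policy ability are hypothetical.
namespace App\Livewire\Admin;

use App\Models\Customer;
use Illuminate\Support\Facades\Gate;
use Livewire\Attributes\Locked;
use Livewire\Component;

// Before: the id is an ordinary public property, so a request may carry an
// update for it and the action trusts whatever value it ends up holding.
class EditCustomerUnlocked extends Component
{
    public int $customerId;
    public string $email = '';
    public function mount(Customer $customer): void
    {
        $this->customerId = $customer->id;
        $this->email = $customer->email;
    }

    public function save(): void
    {
        // Loads whichever record the property names; no policy check.
        Customer::findOrFail($this->customerId)->update(['email' => $this->email]);
    }
}

// After: #[Locked] makes Livewire refuse client-side changes to the id, and
// the action authorizes server-side instead of relying on page routing.
class EditCustomerLocked extends Component
{
    #[Locked]
    public int $customerId;
    public string $email = '';
    public function mount(Customer $customer): void
    {
        $this->customerId = $customer->id;
        $this->email = $customer->email;
    }

    public function save(): void
    {
        $customer = Customer::findOrFail($this->customerId);
        Gate::authorize('update', $customer);      // policy check on every call
        $this->validate(['email' => 'required|email']);
        $customer->update(['email' => $this->email]);
    }
}
```

Locking the property and authorizing in the action are separate controls: the first stops the identifier from being changed between requests, the second still holds if an action is later refactored to take the id as a parameter.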
