shopper/framework
php · shopper/frameworkHeads-up
Shopper Framework: Missing Authorization on Sub-form Livewire Components
Sub-form Livewire components (Edit, Inventory, Seo, Shipping, Files) in the product editor had no authorization on their store() m
09 Jun 2026 · schedule it
php · shopper/frameworkHeads-up
Shopper Framework: Missing permission checks on admin table actions (fixed in v2.8.0)
Admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions without permission checks.
09 Jun 2026 · schedule it
php · shopper/frameworkCritical
shopper/framework: Three security defects in admin Livewire components
Three security defects in admin Livewire components: IDOR via unlocked properties, sensitive data disclosure through Hidden passwo
09 Jun 2026 · act now
php · shopper/frameworkCritical
shopper/framework: Authorization bypass in team settings (fixed in v2.8.0)
Two authorization defects in team settings allowed any authenticated panel user to take over the RBAC system: Settings/Team/Index
09 Jun 2026 · act now