Craftcms Commerce
20 CVEs affecting Craftcms Commerce. Latest disclosed: 2026-04-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32272 | | | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVarian… |
| CVE-2026-32271 | | | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the… |
| CVE-2026-32270 | | | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses so… |
| CVE-2026-31867 | | | 2026-03-11 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, an Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Comm… |
| CVE-2026-29177 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Craft Commerc… |
| CVE-2026-29176 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, a stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. T… |
| CVE-2026-29175 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Vari… |
| CVE-2026-29174 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoin… |
| CVE-2026-29173 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Statu… |
| CVE-2026-29172 | | | 2026-03-10 | Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpo… |
| CVE-2026-25522 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25490 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25489 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25488 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25487 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25486 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute ma… |
| CVE-2026-25485 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commer… |
| CVE-2026-25484 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type nam… |
| CVE-2026-25483 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft… |
| CVE-2026-25482 | | | 2026-02-03 | Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in t… |