craftcms/commerce Security Advisories for 4.10.1 (4)
- [MEDIUM] Craft Commerce: Potential IDOR in Commerce carts
  PKSA-c2xz-ckr6-6mky CVE-2026-31867 GHSA-vff3-pqq8-4cpq
  Affected version: >=4.0.0,<4.11.0|>=5.0.0,<5.6.0
  Reported by: GitHub
- [LOW] Craft Commerce has stored XSS in Craft Commerce Order Details Slideout
  PKSA-q6pp-5z96-2bd2 CVE-2026-29177 GHSA-mj32-r678-7mvp
  Affected version: >=5.0.0,<=5.5.2|>=4.0.0,<=4.10.1
  Reported by: GitHub
- [LOW] Craft Commerce is Vulnerable to Stored XSS while updating Order Status from Orders Table
  PKSA-7wm1-vvyh-k91c CVE-2026-29173 GHSA-mqxf-2998-c6cp
  Affected version: >=5.0.0,<=5.5.2|>=4.0.0,<=4.10.1
  Reported by: GitHub
- [HIGH] Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting
  PKSA-hf29-t8gq-x1bd CVE-2026-29172 GHSA-j3x5-mghf-xvfw
  Affected version: >=5.0.0,<=5.5.2|>=4.0.0,<=4.10.1
  Reported by: GitHub