CVE Catalog

CVE-2026-57748

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

The Shopify plugin version 1.0.0 and earlier contains a Local File Inclusion (LFI) vulnerability via the Contributor function. This allows an attacker to read sensitive files on the server.

Risk Assessment

The risk involves potential disclosure of confidential data such as configuration files, passwords, or source code, which could lead to further attack escalation.

Recommendation

It is recommended to immediately update the Shopify plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Local File Inclusion in Shopify <= 1.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS