CVE-2026-32271 | Craft CMS up to 4.10.2/5.5.4 Commerce TotalRevenue Widget unserialize sql injection

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability was found in Craft CMS up to 4.10.2/5.5.4 and classified as critical. Affected by this vulnerability is the function unserialize of the component Commerce TotalRevenue Widget. Executing a manipulation can lead to sql injection.

The identification of this vulnerability is CVE-2026-32271. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-32271 | Craft CMS up to 4.10.2/5.5.4 Commerce TotalRevenue Widget unserialize sql injection

Post correlati

CVE-2024-37474 | Automattic Newspack Ads Plugin up to 1.47.1 on WordPress cross site scripting

CVE-2025-54568 | Akamai Rate Control incorrect provision of specified functionality

CVE-2025-13777 | ABB AWIN GW100/AWIN GW120 2.0-0/2.0-1 authentication replay

CVE-2024-3811 | ThemeNectar Salient Shortcodes Plugin up to 1.5.3 on WordPress Shortcode icon cross site scripting