Product
webkul bagisto
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21451
CVE-2026-21450
CVE-2026-21449
CVE-2026-21448
CVE-2026-21447
CVE-2026-21446
CVE-2025-62418
CVE-2025-62417
CVE-2025-62416
CVE-2025-62415
CVE-2025-62414
CVE-2025-60880
CVE-2025-56426
CVE-2025-40675
CVE-2023-36238
CVE-2024-27499
CVE-2023-36237
CVE-2023-36236
CVE-2023-33570
CVE-2019-16403
CVE-2019-14933
< 2.3.10
Bagisto is an open source Laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to
< 2.3.10
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection vi
< 2.3.10
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection vi
< 2.3.10
Bagisto is an open source Laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. W
< 2.3.10
Bagisto is an open source Laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability i
>= 2.3.0 and < 2.3.10
Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even
all versions
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker
all versions
Bagisto is an open source Laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for exam
all versions
Bagisto is an open source Laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to
all versions
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker
all versions
Bagisto is an open source Laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel
all versions
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to
all versions
An issue in Webkul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specificall
>= 2.0.0 and < 2.2.3
A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to ex
all versions
Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID p
all versions
Bagisto v1.5.1 is vulnerable to Cross-Site Scripting (XSS) via PNG file upload in the product review option.
< 1.5.1
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML
<= 1.5.0
Cross Site Scripting vulnerability in Webkul Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted
all versions
Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).
< 0.1.5
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc
all versions
Bagisto 0.1.5 allows CSRF under /admin URIs.