CVE Catalog
CVE-2026-57748
HighCVSS 7.5Summary
The Shopify plugin version 1.0.0 and earlier contains a Local File Inclusion (LFI) vulnerability via the Contributor function. This allows an attacker to read sensitive files on the server.
Risk Assessment
The risk involves potential disclosure of confidential data such as configuration files, passwords, or source code, which could lead to further attack escalation.
Recommendation
It is recommended to immediately update the Shopify plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Local File Inclusion in Shopify <= 1.0.0 versions.

