CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Nopcommerce: >> Nopcommerce >> 4.80.3 Security Vulnerabilities

CVE-2025-11699

nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.

CVSS Score

7.1

EPSS Score

0.0

Published

2025-12-01

Page 1

Vulnerabilities

Vulnerable Software

Nopcommerce: >> Nopcommerce >> 4.80.3 Security Vulnerabilities

Products

Pricing

Contact Us