Account Deletion Vulnerability in CE Phoenix eCommerce Platform
CVE-2025-47272

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 2 June 2025

What is CVE-2025-47272?

The CE Phoenix eCommerce platform has a security flaw that allows logged-in users to delete their accounts without needing to re-enter their passwords. This vulnerability can be exploited if an attacker gains temporary access to an authenticated session, such as on a shared or public device. Consequently, users could lose their accounts and experience significant data loss. The issue was resolved in version 1.1.0.3, so users are advised to upgrade to this version or later to safeguard their accounts.

Affected Version(s)

PhoenixCart >= 1.0.9.7, < 1.1.0.3

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
