Vulnerabilities and security researches forshopengine shopengine

Nov 10, 2025

CVE, Research URL: CVE-2025-11888
Home page URL: Security reports for ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Application: ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Date: Oct 25, 2025
Research Description: The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses.
Affected versions: max 4.8.5.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-10173
Home page URL: Security reports for ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Application: ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Date: Sep 26, 2025
Research Description: The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin's settings.
Affected versions: max 4.8.4.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2022-45371
Home page URL: Security reports for ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Application: ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution
Date: May 25, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions.
Affected versions: max 4.1.2.
Status: vulnerable