cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for wpshop

Jun 07, 2024

WPshop 2 – E-Commerce # 25b8175a29186935197d85344c35e6cb9e68092c

Date
Sep 17, 2015
Research Description
WPshop 2 – E-Commerce [wpshop] < 1.3.9.6 WordPress Shop Plugin <= 3.4.3.18 - Multiple Vulnerabilities. This plugin is prone to cross-site scripting and cross-site request forgery vulnerabilities. Update the plugin.
Affected versions
Min -, max -.
Status
vulnerable
Apr 11, 2025

WPshop 2 – E-Commerce # CVE-2025-32576

CVE, Research URL

CVE-2025-32576

Date
Apr 09, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop allows uploading a web shell to a web server. This issue affects WP shop: from n/a through 2.6.0.
Affected versions
Min -, max -.
Status
vulnerable
May 08, 2025

WPshop 2 – E-Commerce # CVE-2025-3853

CVE, Research URL

CVE-2025-3853

Date
May 07, 2025
Research Description
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.
Affected versions
Min -, max -.
Status
vulnerable

WPshop 2 – E-Commerce # CVE-2025-3852

CVE, Research URL

CVE-2025-3852

Date
May 07, 2025
Research Description
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details, like email & password, through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
Affected versions
Min -, max -.
Status
vulnerable
Jul 20, 2025

WPshop 2 – E-Commerce # CVE-2015-10135

CVE, Research URL

CVE-2015-10135

Date
Jul 19, 2025
Research Description
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Affected versions
Min -, max -.
Status
vulnerable