cleantalk
Vulnerabilities and Security Researches

WPshop 2 – E-Commerce, 85bb2718-2228-4405-8b50-76995dbf6862

CVE, Research URL

85bb2718-2228-4405-8b50-76995dbf6862

Home page URL

Security reports for WPshop 2 – E-Commerce

Application

WPshop 2 – E-Commerce

Published on
-
Research Description
WPshop 2 &#8211; E-Commerce [wpshop] < 1.3.9.6 Wpshop - eCommerce &lt;= 1.3.9.5 - Arbitrary File Upload The script &#039;includes/ajax.php&#039; allows execution of various actions by anonymous users. The action name is provided in the &#039;elementCode&#039; parameter. One of these actions is named &#039;ajaxUpload&#039;. This function allows for upload of arbitrary files, due to lack of sanitation of user input.
Affected versions
max 1.3.9.6.
Status
vulnerable
Previous vulnerability researches
MapifyLite (by MapifyPro) (e5bfd53d-0d9a-42f2-8af8-5bb710bac828) , Jun 16, 2026
MapifyLite (by MapifyPro) (6be590d56cf666ad67a6e008b71242e607d966ea) , Jun 16, 2026
MapifyLite (by MapifyPro) (d7a357e358b4eb001b41f84d3531981914480734) , Jun 07, 2024
New vulnerability
MathJax-LaTeX (dc58a5e8913fe3e0530789dbb21e0998a8536ee4) , Jun 16, 2026
MathJax-LaTeX (9486ca34-d436-490f-8779-e79d7dcdc9bc) , Jun 16, 2026
Fancy Comments WordPress (86cad9b9-eaa5-4775-8ebf-e9e967cfb439) , Jun 16, 2026
Breeze &#8211; WordPress Cache Plugin (9f8d98d070747dc4430a4d5893eedb992d889bf6) , Jun 16, 2026
GravityCaptcha (a6717eb4a1974422dee29f4987d49272d478c74a) , Jun 16, 2026