cleantalk
Vulnerabilities and Security Researches

WPshop 2 – E-Commerce, 0f9c01caef7f6babf3ec24ce1fd97b741071e5b9

CVE, Research URL

0f9c01caef7f6babf3ec24ce1fd97b741071e5b9

Home page URL

Security reports for WPshop 2 – E-Commerce

Application

WPshop 2 – E-Commerce

Published on
Mar 09, 2015
Research Description
WPshop 2 &#8211; E-Commerce [wpshop] < 1.3.9.6 WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected versions
max 1.3.9.6.
Status
vulnerable
Previous vulnerability researches
Slider Hero with Animation, Video Background (20851a18-8309-4405-b85c-acaa047effa7) , Jun 16, 2026
Slider Hero with Animation, Video Background (ec2738226d537a4c17dbff19a2e826361834f640) , Jun 16, 2026
Slider Hero with Animation, Video Background (e03420c55099714ac90da016761d318e5e1cb6db) , Jun 16, 2026
Slider Hero with Animation, Video Background (CVE-2024-29922) , Jun 06, 2024
Slider Hero with Animation, Video Background (CVE-2021-24506) , Jun 06, 2024
New vulnerability
Active Directory Integration / LDAP Integration (6251e628a9c3ffe639b3664f20ab3124d449e8cc) , Jun 16, 2026
Active Directory Integration / LDAP Integration (f9fd62f7-e086-43cc-b08b-5e04d8723c91) , Jun 16, 2026
MathJax-LaTeX (dc58a5e8913fe3e0530789dbb21e0998a8536ee4) , Jun 16, 2026
MathJax-LaTeX (9486ca34-d436-490f-8779-e79d7dcdc9bc) , Jun 16, 2026
Fancy Comments WordPress (86cad9b9-eaa5-4775-8ebf-e9e967cfb439) , Jun 16, 2026