cleantalk
Vulnerabilities and Security Researches

WP Shopify, CVE-2025-7808

CVE, Research URL

CVE-2025-7808

Home page URL

Security reports for WP Shopify

Application

WP Shopify

Published on
Aug 14, 2025
Research Description
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
Min -, max 1.5.4.
Status
vulnerable
Previous vulnerability researches
YDS Support Ticket System (CVE-2024-55985) , Dec 21, 2024
YDS Support Ticket System (CVE-2022-36388) , Jun 10, 2024
New vulnerability
Post Type Converter (CVE-2025-48303) , Aug 27, 2025
WP Shopify (CVE-2025-7808) , Aug 27, 2025
Image License and Protection (CVE-2025-8047) , Aug 27, 2025
Ultimate twitter profile widget (CVE-2025-48321) , Aug 27, 2025
Lazy Load for Videos (CVE-2025-7732) , Aug 27, 2025