41 matches found
CVE-2025-69383
CVE-2025-69383 affects the WordPress plugin WP shop (wpshop) for isssueed versions up to and including 2.6.1. The vulnerability is an Unauthenticated Local File Inclusion caused by an improper control of filename for include/require statements . This can enable an attacker to include local files....
CVE-2023-25975
Cross-Site Request Forgery CSRF vulnerability in Frédéric Sheedy Etsy Shop plugin = 3.0.3 versions...
EUVD-2022-39493
Malicious code in bioql PyPI...
EUVD-2023-57784
Malicious code in bioql PyPI...
EUVD-2023-29862
Malicious code in bioql PyPI...
CVE-2025-9115
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress Etsy Shop plugin < 3.0.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Etsy Shop versions 3.0.7...
CVE-2025-9115
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2025-9115
CVE-2025-9115 affects the Etsy Shop WordPress plugin (versions older than 3.0.7). The issue is caused by not escaping the $_SERVER['REQUEST_URI'] value when outputting it into an attribute, enabling a reflected cross-site scripting (XSS) vulnerability in old browsers. The vulnerability is mitigat...
CVE-2025-9115 Etsy Shop < 3.0.7 - Reflected XSS via $_SERVER['REQUEST_URI']
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress plugin Etsy Shop 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-38689
Name of the Vulnerable Software and Affected Versions Etsy Shop WordPress plugin versions prior to 3.0.7 Description The plugin does not properly sanitize the $ SERVER'REQUEST URI' parameter before using it in an attribute, potentially allowing for Reflected Cross-Site Scripting in older web...
CVE-2024-1230
The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybedisconnectsimpleshop function. This makes it possible for unauthenticated attackers to disconnect the site...
CVE-2023-5470
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability
CSRF to Arbitrary File Upload vulnerability discovered by theviper17 in WordPress Plugin WP shop versions = 2.6.1...
WordPress plugin CiyaShop 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
CVE-2024-12432
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
CVE-2024-12432
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
WordPress SimpleShop plugin <= 2.10.2 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin SimpleShop versions = 2.10.2...