CVE-2025-31048

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

CVE-2025-31048

CVE-2025-31048 affects WordPress plugin/theme Shopo (Themify Shopo) up to version 1.1.4, with an Unrestricted Upload of File with Dangerous Type vulnerability that can permit uploading a web shell to the server. The issue is described across multiple sources (NVD/Red Hat entries and Patchstack), ...

CVE-2025-31048 WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4...

PT-2026-1265

Name of the Vulnerable Software and Affected Versions Themify Shopo versions through 1.1.4 Description An unrestricted file upload issue exists in Themify Shopo, allowing the upload of a web shell to a web server. This allows for remote code execution. The vulnerability involves the upload of fil...

WordPress plugin Shopo 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Shopo versions = 1.1.4...

WordPress Shopo theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Shopo versions = 1.1.4...

WordPress Shopo Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Shopo Type Theme Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31013 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID b205c120e5db Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Shopo Theme - File Upload Arbitrary Code Execution

A "themify-ajax.php" file upload arbitrary PHP code execution vulnerability was found in WordPress Shopo theme. Solution Update the theme...