21 matches found
EUVD-2025-29693
Malicious code in bioql PyPI...
EUVD-2025-29695
Malicious code in bioql PyPI...
CVE-2025-9216
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2025-9215
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
WordPress StoreEngine plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress StoreEngine plugin, which stems from a path traversal issue in the filedownload function. An attacker can exploit this...
CVE-2025-9215
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
CVE-2025-9216
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2025-9216 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2025-9216 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import function in all versions up to, and including, 1.5.0. This makes it possible for...
CVE-2025-9216
CVE-2025-9216 affects StoreEngine WordPress plugin versions up to 1.5.0. The vulnerability arises from an unauthenticated/file-type validation gap in the storeengine_csv/import AJAX action: uploaded files are moved to a server directory after only filename sanitization, enabling arbitrary file up...
CVE-2025-9215 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
CVE-2025-9215 StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download
The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the filedownload function. This makes it possible for authenticated attackers, with...
CVE-2025-9215
CVE-2025-9215 – StoreEngine WordPress plugin is affected up to version 1.5.0 by a path traversal vulnerability in the file_download() function. The issue allows authenticated users with Subscriber-level access or higher to read arbitrary server files containing sensitive information. Public CVE r...
WordPress StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Ryan Kozak in WordPress Plugin StoreEngine versions = 1.5.0...
WordPress plugin StoreEngine 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
PT-2025-38122
Name of the Vulnerable Software and Affected Versions: StoreEngine versions up to and including 1.5.0 Description: The StoreEngine WordPress plugin is susceptible to a path traversal issue. This allows authenticated attackers with Subscriber-level access or higher to read arbitrary files on the...
PT-2025-38123
Name of the Vulnerable Software and Affected Versions: StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More versions prior to 1.5.1 Description: The StoreEngine WordPress plugin is susceptible to arbitrary file uploads due to the absence of file ty...
WordPress plugin StoreEngine 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress StoreEngine plugin, which stems from a path traversal issue in the filedownload function. An attacker can exploit this...
WordPress StoreEngine plugin <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin StoreEngine versions = 1.5.0...
Exploit for CVE-2025-9216
StoreEngine – Powerful WordPress eCommerce Plugin for Payments...