26 matches found
CVE-2025-69383
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...
PT-2026-21164
Name of the Vulnerable Software and Affected Versions Agence web Eoxia - Montpellier WP shop wpshop versions through 2.6.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows fo...
CVE-2024-31088
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace'r – Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5...
EUVD-2015-9394
Malware in sbrugna...
EUVD-2025-13657
Malicious code in bioql PyPI...
CVE-2015-10135
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may...
WordPress plugin WPshop 2 – E-Commerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
CVE-2025-3853
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3853
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3852
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...
CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...
CVE-2025-3852
CVE-2025-3852 (WPshop 2 – E-Commerce) is a privilege-escalation vulnerability affecting WPshop 2 versions 2.0.0–2.6.0. The bug arises from insufficient identity validation in the update() function, enabling authenticated users with subscriber-level access or higher to modify arbitrary users’ cred...
CVE-2025-3852 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update function. This makes i...
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3853
CVE-2025-3853 affects WPshop 2 – E-Commerce for WordPress (versions 2.0.0–2.6.0). The vulnerability is an Insecure Direct Object Reference in the callback_generate_api_key() function due to missing validation on a user-controlled key. Exploitation requires authenticated access at Subscriber level...
PT-2025-19908 · WordPress · Wpshop 2
Name of the Vulnerable Software and Affected Versions: WPshop 2 – E-Commerce plugin for WordPress versions 2.0.0 through 2.6.0 Description: The issue is related to privilege escalation via account takeover. This occurs because the plugin does not properly validate a user's identity before updatin...
PT-2025-19909 · WordPress · Wpshop 2
Name of the Vulnerable Software and Affected Versions: WPshop 2 – E-Commerce plugin for WordPress versions 2.0.0 through 2.6.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to create valid API keys on behalf of other users due to missing validation o...
CVE-2025-30550
Cross-Site Request Forgery CSRF vulnerability in WPShop.ru CallPhone'r callphoner allows Stored XSS.This issue affects CallPhone'r: from n/a through = 1.1.1...
CVE-2025-30550
Cross-Site Request Forgery CSRF vulnerability in WPShop.ru CallPhone'r callphoner allows Stored XSS.This issue affects CallPhone'r: from n/a through = 1.1.1...