Lucene search
K

4 matches found

NVD
NVD
added 2025/05/07 3:15 a.m.23 views

CVE-2025-3853

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...

6.5CVSS0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/07 1:43 a.m.8 views

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...

6.5CVSS6.2AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/07 1:43 a.m.25 views

CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...

6.5CVSS0.00205EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/06 8:59 p.m.10 views

WordPress WPshop 2 plugin 2.0.0-2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Key Generation vulnerability discovered by kr0d in WordPress Plugin WP shop versions 2.0.0-2.6.0...

6.5CVSS8.2AI score0.00205EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder