4 matches found
CVE-2025-3853
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-3853 WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callbackgenerateapikey due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above...
WordPress WPshop 2 plugin 2.0.0-2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Key Generation vulnerability discovered by kr0d in WordPress Plugin WP shop versions 2.0.0-2.6.0...