CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

WordPress ShopEngine plugin <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation vulnerability

Cross-Site Request Forgery to Wishlist Manipulation vulnerability discovered by Adrian Lukita in WordPress Plugin ShopEngine versions = 4.8.5...

CVE-2025-11888

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888

The CVE-2025-11888 entry concerns the WordPress plugin ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution. Affected versions are

EUVD-2025-35906

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

EUVD-2022-48268

Malicious code in bioql PyPI...

WordPress plugin ShopEngine Elementor WooCommerce Builder Addon 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

WordPress ShopEngine plugin <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update vulnerability

Insufficient Authorization to Authenticated Editor+ Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin ShopEngine versions = 4.8.3...

CVE-2022-45371 WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Wpmet ShopEngine plugin = 4.1.1 versions...

CVE-2022-45371

CVE-2022-45371: A CSRF vulnerability in ShopEngine (WordPress plugin) affects versions

WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ShopEngine Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45371 Patch priority Low CVSS severity Low 5.4 Developer Wpmet PSID 491b80f78482 Credits Muhammad Daffa Required privilege...