CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server...
CVE-2025-28093
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings...
CVE-2025-28094
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places...
CVE-2025-28092
ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function...
PT-2025-13589 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO version 6.4.0
Description: The issue is related to Server-Side Request Forgery (SSRF) in the Email Settings. This means an attacker could potentially forge requests from the server, leading to unauthorized access to internal systems or...
CVE-2025-26325
ShopXO 6.4.0 is vulnerable to Arbitrary File Upload via ThemeDataService.php. CVE-2025-26325 enables file upload without proper validation, with a reported CVSS v3.1 base score of 9.8 (CRITICAL). Several sources (SNYK, Red Hat, OSV, NVD) describe the issue; no fixed version is listed. Remediation...