23 matches found
CVE-2025-69383 WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...
CVE-2025-69383 WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...
WordPress plugin WP shop 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2024-28999
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace'r – Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5...
EUVD-2022-39493
Malicious code in bioql PyPI...
EUVD-2025-10590
Malicious code in bioql PyPI...
CVE-2024-11140
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...
CVE-2024-11140
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...
CVE-2024-11140 Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...
CVE-2024-11140 Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS
The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for exampl...
CVE-2025-32576
Cross-Site Request Forgery CSRF vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through = 2.6.1...
CVE-2025-32576
Cross-Site Request Forgery CSRF vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through = 2.6.1...
CVE-2025-32576 WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery CSRF vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through = 2.6.1...
WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability
CSRF to Arbitrary File Upload vulnerability discovered by theviper17 in WordPress Plugin WP shop versions = 2.6.1...
CVE-2022-36793
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin = 3.9.6 at WordPress...
CVE-2022-36793 WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin = 3.9.6 at WordPress...
CVE-2022-36793 WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin = 3.9.6 at WordPress...
CVE-2022-36793
The CVE-2022-36793 entry concerns the WP Shop WordPress plugin, affected in versions 3.9.6 and earlier. The vulnerability is described as unauthenticated plugin settings change and data deletion, caused by a lack of proper authentication when updating plugin settings. Practical impact stated acro...
PT-2022-23629 · WordPress · Wp Shop
Name of the Vulnerable Software and Affected Versions: WP Shop plugin versions 3.9.6 and earlier Description: The issue concerns Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities. This allows for changes to plugin settings and deletion of data without proper authentication...
WP Shop Original <= 3.9.6 - Unauthenticated Settings Update
The plugin does not have authorisation check when updating its settings, which could allow unauthenticated attackers to update them...