cbcvebase.

Emagicone Store Manager For Woocommerce vulnerabilities

4 known vulnerabilities affecting emagicone/emagicone_store_manager_for_woocommerce.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1

Vulnerabilities

Page 1 of 1
CVE-2025-5058P2CRITICALCVSS 9.8≤ 1.2.52025-05-24
CVE-2025-5058 [CRITICAL] CWE-434 CVE-2025-5058: The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code e
nvd
CVE-2025-4336P2CRITICALCVSS 9.8≤ 1.2.52025-05-24
CVE-2025-4336 [CRITICAL] CWE-434 CVE-2025-4336: The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code ex
nvd
CVE-2025-4603P2CRITICALCVSS 9.1≤ 1.2.52025-05-24
CVE-2025-4603 [CRITICAL] CWE-73 CVE-2025-4603: The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file del The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code
nvd
CVE-2025-4602P3HIGHCVSS 7.5≤ 1.2.52025-05-24
CVE-2025-4602 [HIGH] CWE-73 CVE-2025-4602: The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Rea The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. This is only exploitable by una
nvd
Emagicone Store Manager For Woocommerce vulnerabilities | cvebase