Eoxia Wpshop 2 E-Commerce vulnerabilities
3 known vulnerabilities affecting eoxia/wpshop_2_e-commerce.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2015-10135 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.3.9.6 | 2025-07-19
CVE-2015-10135 [CRITICAL] CWE-434
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
nvd
CVE-2025-3852 | P2 | HIGH | CVSS 8.8 | ≥ 2.0.0, ≤ 2.6.0 | 2025-05-07
CVE-2025-3852 [HIGH] CWE-269
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-
nvd
CVE-2025-3853 | P3 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.6.0 | 2025-05-07
CVE-2025-3853 [MEDIUM] CWE-639
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.
nvd