VYPR

Shopengine

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-12358MedDec 3, 2025
    risk 0.21cvss 4.3epss 0.00

    The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incorrect permissions…

  • CVE-2025-10173LowSep 26, 2025
    risk 0.18cvss 2.7epss 0.00

    The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible…

  • CVE-2025-11888LowOct 25, 2025
    risk 0.11cvss 2.7epss 0.00

    The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up…

  • CVE-2022-45371May 25, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions.