VYPR

Storeengine

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-9216HigSep 17, 2025
    risk 0.50cvss 8.8epss 0.01

    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1.5.0. This…

  • CVE-2025-9215MedSep 17, 2025
    risk 0.35cvss 6.5epss 0.01

    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated…