VYPR

Wpshop

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-32576CriApr 9, 2025
    risk 0.62cvss 9.6epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows Upload a Web Shell to a Web Server.This issue affects WP shop: from n/a through <= 2.6.1.

  • CVE-2025-3852HigMay 7, 2025
    risk 0.57cvss 8.8epss 0.00

    The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update()…

  • CVE-2025-3853MedMay 7, 2025
    risk 0.42cvss 6.5epss 0.00

    The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with…

  • CVE-2022-36793MedSep 9, 2022
    risk 0.42cvss 6.5epss 0.01

    Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6 at WordPress.