VYPR

Etsy Shop

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-9115MedSep 22, 2025
    risk 0.36cvss 5.6epss 0.00

    The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

  • CVE-2023-25975MedNov 9, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.

  • CVE-2023-5470MedOct 12, 2023
    risk 0.35cvss 6.4epss 0.00

    The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…