VYPR
Vendor

Etsy Shop Project

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2026-46741HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an…

  • CVE-2025-9115MedSep 22, 2025
    risk 0.36cvss 5.6epss 0.00

    The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

  • CVE-2023-25975MedNov 9, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.

  • CVE-2023-5470MedOct 12, 2023
    risk 0.35cvss 6.4epss 0.00

    The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…