Eoxia Wpshop 2 – E-commerce
3 CVEs affecting Eoxia Wpshop 2 – E-commerce. Latest disclosed: 2025-07-19. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-10135 | Critical | 9.8 | 2025-07-19 | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versio… |
CVE-2025-3852 | High | 8.8 | 2025-05-07 | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin… |
CVE-2025-3853 | Medium | 6.5 | 2025-05-07 | The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key()… |