MidnightBSD

Advisories for wpshopstyling

CVE-2013-0724 HIGH

PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
wpshopstyling wp-ecommerce-shop-styling 1.5
wpshopstyling wp-ecommerce-shop-styling 1.6
wpshopstyling wp-ecommerce-shop-styling 1.2
wpshopstyling wp-ecommerce-shop-styling 1.4
wpshopstyling wp-ecommerce-shop-styling *
wpshopstyling wp-ecommerce-shop-styling 1.0
wpshopstyling wp-ecommerce-shop-styling 1.3
CVE-2015-5468 MEDIUM

Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
wpshopstyling wp_e-commerce_shop_styling *