PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before 1.8 allows remote attackers to execute arbitrary PHP code via a URL in the dompdf parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wpshopstyling | wp-ecommerce-shop-styling | 1.5 |
| wpshopstyling | wp-ecommerce-shop-styling | 1.6 |
| wpshopstyling | wp-ecommerce-shop-styling | 1.2 |
| wpshopstyling | wp-ecommerce-shop-styling | 1.4 |
| wpshopstyling | wp-ecommerce-shop-styling | * |
| wpshopstyling | wp-ecommerce-shop-styling | 1.0 |
| wpshopstyling | wp-ecommerce-shop-styling | 1.3 |
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wpshopstyling | wp_e-commerce_shop_styling | * |