High 7.5 Unfixed
2026-02-20≤ 2.6.1
CVE-2025-69383
WPshop 2 – E-Commerce
Minimum safe version
3.4.3.19
Update to 3.4.3.19 or later to address 6 fixable vulnerabilities
Latest available2.6.1 ✗Affected up to2.6.0 ⚠⚠ 2 vulnerabilities have no fix
Critical 9.8
2025-07-19< 1.3.9.6
CVE-2015-10135
Medium 6.5
2025-05-07≥ 2.0.0 and ≤ 2.6.0
WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation
High 8.8
2025-05-07≥ 2.0.0 and ≤ 2.6.0
WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Critical 9.6 Unfixed
2025-04-09≤ 2.6.1
WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability
N/A
< 1.3.9.6
Wpshop - eCommerce <= 1.3.9.5 - Arbitrary File Upload
N/A
2015-03-09< 1.3.9.6
WPshop 2 – E-Commerce < 1.3.9.6 - Arbitrary File Upload
N/A
2015-03-09< 1.3.9.6
WordPress WP shop Plugin <= 1.3.9.5 - Arbitrary File Upload
N/A
2015-07-08< 3.4.3.16
WordPress Shop Plugin <= 3.4.3.15 - Blind SQL Injection
N/A
2015-09-17< 3.4.3.19
WordPress Shop Plugin <= 3.4.3.18 - Multiple Vulnerabilities