shopxo/shopxo Security Advisories for v2.0.0 (6)
- [MEDIUM] ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
PKSA-j1x4-mxtx-qyhb CVE-2025-28092 GHSA-p736-g6pg-hjhw
Affected version: <=6.4.0
Reported by: GitHub
- [MEDIUM] ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings
PKSA-qhm3-1ghs-3nvy CVE-2025-28093 GHSA-gfhv-5rqh-7qx3
Affected version: <=6.4.0
Reported by: GitHub
- [MEDIUM] ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS)
PKSA-9324-gvhq-vph7 CVE-2025-28094 GHSA-24cf-848g-762c
Affected version: <=6.4.0
Reported by: GitHub
- [MEDIUM] ShopXO Server-Side Request Forgery Vulnerability
PKSA-s39m-bvy5-njtn CVE-2024-6524 GHSA-c96r-38gv-grp4
Affected version: <=6.1.0
Reported by: GitHub
- [HIGH] Arbitrary file upload in ShopXO
PKSA-nydr-bchs-fr22 CVE-2021-41938 GHSA-86p5-97jr-r598
Affected version: <=2.2.0
Reported by: GitHub
- [CRITICAL] Incorrect Permission Assignment for Critical Resource in ShopXO
PKSA-6f32-r54n-brt2 CVE-2022-28056 GHSA-jfph-3hpg-2f65
Affected version: <2.2.6
Reported by: GitHub