[HIGH] Arbitrary file upload in ShopXO

PKSA-nydr-bchs-fr22 CVE-2021-41938 GHSA-86p5-97jr-r598

Affected version: <=2.2.0

Reported by:
GitHub

[CRITICAL] Incorrect Permission Assignment for Critical Resource in ShopXO

PKSA-6f32-r54n-brt2 CVE-2022-28056 GHSA-jfph-3hpg-2f65

Affected version: <2.2.6

Reported by:
GitHub