Shopxo

6 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-5108 MEDIUM This Month

A vulnerability was found in zongzhige ShopXO 6.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload Shopxo
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-28094 MEDIUM POC This Month

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Shopxo
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-28093 MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-28092 MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-26325 CRITICAL POC Act Now

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Shopxo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-1611 MEDIUM POC This Month

A vulnerability was found in ShopXO up to 6.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Shopxo
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-5108
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in zongzhige ShopXO 6.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass File Upload +1
NVD GitHub VulDB
CVE-2025-28094
EPSS 0% CVSS 6.5
MEDIUM POC This Month

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Shopxo
NVD
CVE-2025-28093
EPSS 0% CVSS 6.3
MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVE-2025-28092
EPSS 0% CVSS 6.3
MEDIUM POC This Month

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Shopxo
NVD
CVE-2025-26325
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Shopxo
NVD GitHub
CVE-2025-1611
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in ShopXO up to 6.4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Shopxo
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy