CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

May 6, 2025

CVE ID : CVE-2025-3853

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3860 – CarDealerPress for WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

Highlights

CVE-2025-8975 – Givanz Vvveb Cross-Site Scripting Vulnerability

August 14, 2025

CVE ID : CVE-2025-8975

Published : Aug. 14, 2025, 7:15 p.m. | 5 hours, 6 minutes ago

Description : A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named 84c11d69df8452dc378feecd17e2a62ac10dac66. It is recommended to upgrade the affected component.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-51726 – CyberGhost VPN Weak SHA-1 Signing and Predictable ASLR Vulnerability

CVE-2025-29662 – LandChat Remote Code Execution (RCE)

AI-Driven Development Insiders Launch: 500 Seats. 24 Hours. 50% Off

CVE-2025-8975 – Givanz Vvveb Cross-Site Scripting Vulnerability

CVE-2025-49191 – Apache Atlas Cross-Site Scripting (XSS)

Demystifying Amazon Bedrock Pricing for a Chatbot Assistant

Critical ABB EIBPORT Flaw: Update Now to Prevent Building Automation Hijacks!

CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

Related Posts