CVE-2015-10135

Published July 19th, 2025

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECTS

Description

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

espreto/wpsploit

WPSploit - Exploiting Wordpress With Metasploit

GitHub

233

WPshop 2 – E-Commerce

<p>Simple and powerfull ECommerce plugin for WordPress</p> <h4>WPShop 2 Turn your WordPress into e-commerce</h4> <p>Simple, fast, efficient it will transform your WordPress into an internet sales site with Stripe, Paypal <a href="https://www.wpshop.fr/" title="extension wordpress e-commerce" rel="nofollow ugc">wpshop.fr</a><br /> Natively connect to your Dolibarr ERP, you just have to have coffee…[dolibarr.com](https://www.dolibarr.com/</p> <h4>Nos “french plugins”</h4> <p>Developed in France, we can provide support and production of additional modules for bank payments. Stripe and Paypal are included.<br /> French documentation<br /> https://wpshop.fr/documentation/</p> <h4>Nos thèmes “ready for eCommerce”</h4> <p>WPshop vous propose également des <a href="https://shop.eoxia.com/ecommerce/beflex/" title="themes pour wpshop" rel="nofollow ugc">thèmes wordpress eCommerce</a> optimisés et web responsives pour tablettes et mobiles.</p> <h3>Contactez l’auteur</h3> <p>[email protected]</p>

WordPress Plugin Directory

115K