
    4 vulnerabilities found for StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More by kodezen

    CVE-2025-9216 (GCVE-0-2025-9216)

    Vulnerability from nvd – Published: 2025-09-17 06:17 – Updated: 2026-04-08 17:03
    Title
    StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
    Summary
    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
    SSVC
    Exploitation: poc · Automatable: yes · Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Credits
    Ryan Kozak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9216",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:53:18.549617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:53:28.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates \u0026 More",
              "vendor": "kodezen",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Kozak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:03:23.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f8cc393-4d6f-4d15-ad95-d4a89dfe433c?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/import.php#L52"
            },
            {
              "url": "https://github.com/d0n601/CVE-2025-9216"
            },
            {
              "url": "https://ryankozak.com/posts/cve-2025-9216/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/import.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-07T19:24:39.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More \u003c= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9216",
        "datePublished": "2025-09-17T06:17:48.502Z",
        "dateReserved": "2025-08-19T20:08:21.967Z",
        "dateUpdated": "2026-04-08T17:03:23.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9215 (GCVE-0-2025-9215)

    Vulnerability from nvd – Published: 2025-09-17 06:17 – Updated: 2026-04-08 16:34
    Title
    StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download
    Summary
    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
    SSVC
    Exploitation: poc · Automatable: no · Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Credits
    Ryan Kozak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9215",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:51:40.073150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:51:48.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates \u0026 More",
              "vendor": "kodezen",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Kozak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:34:03.186Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1dc05-1340-4ea3-9315-3e1ca4a0cb7f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/export.php#L47"
            },
            {
              "url": "https://github.com/d0n601/CVE-2025-9215"
            },
            {
              "url": "https://ryankozak.com/posts/cve-2025-9215/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/export.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-07T19:24:38.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More \u003c= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9215",
        "datePublished": "2025-09-17T06:17:47.572Z",
        "dateReserved": "2025-08-19T20:03:22.388Z",
        "dateUpdated": "2026-04-08T16:34:03.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9216 (GCVE-0-2025-9216)

    Vulnerability from cvelistv5 – Published: 2025-09-17 06:17 – Updated: 2026-04-08 17:03
    Title
    StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
    Summary
    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.
    SSVC
    Exploitation: poc · Automatable: yes · Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Credits
    Ryan Kozak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9216",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:53:18.549617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:53:28.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates \u0026 More",
              "vendor": "kodezen",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Kozak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:03:23.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f8cc393-4d6f-4d15-ad95-d4a89dfe433c?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/import.php#L52"
            },
            {
              "url": "https://github.com/d0n601/CVE-2025-9216"
            },
            {
              "url": "https://ryankozak.com/posts/cve-2025-9216/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/import.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-07T19:24:39.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More \u003c= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9216",
        "datePublished": "2025-09-17T06:17:48.502Z",
        "dateReserved": "2025-08-19T20:08:21.967Z",
        "dateUpdated": "2026-04-08T17:03:23.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9215 (GCVE-0-2025-9215)

    Vulnerability from cvelistv5 – Published: 2025-09-17 06:17 – Updated: 2026-04-08 16:34
    Title
    StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download
    Summary
    The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
    SSVC
    Exploitation: poc · Automatable: no · Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Credits
    Ryan Kozak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9215",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:51:40.073150Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:51:48.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates \u0026 More",
              "vendor": "kodezen",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Kozak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:34:03.186Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1dc05-1340-4ea3-9315-3e1ca4a0cb7f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/export.php#L47"
            },
            {
              "url": "https://github.com/d0n601/CVE-2025-9215"
            },
            {
              "url": "https://ryankozak.com/posts/cve-2025-9215/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/export.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-07T19:24:38.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-09-16T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales \u0026 More \u003c= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-9215",
        "datePublished": "2025-09-17T06:17:47.572Z",
        "dateReserved": "2025-08-19T20:03:22.388Z",
        "dateUpdated": "2026-04-08T16:34:03.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }