CVE-2015-10135 | WPshop 2 prior 1.3.9.6 on WordPress ajaxUpload unrestricted upload

July 19, 2025 Yanac

A vulnerability classified as critical was found in WPshop 2 on WordPress. Affected by this vulnerability is the function ajaxUpload. The manipulation leads to unrestricted upload.

This vulnerability is known as CVE-2015-10135. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2015-10137 | Website Contact Form with File Upload Plugin up to 1.3.4 on WordPress upload_file unrestricted upload
CVE-2015-10134 | Simple Backup Plugin up to 2.7.10 on WordPress download_backup_file path traversal