CVE-2025-9216 | StoreEngine Plugin up to 1.5.0 on WordPress import unrestricted upload

September 16, 2025 Yanac

A vulnerability labeled as critical has been found in StoreEngine Plugin up to 1.5.0 on WordPress. The affected element is the function Import. Such manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2025-9216. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-9891 | User Sync Plugin up to 1.0.2 on WordPress mo_user_sync_form_handler cross-site request forgery
CVE-2025-9215 | StoreEngine Plugin up to 1.5.0 on WordPress file_download path traversal