Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More 1.5.0

  • Severity: high-risk
  • Status: Fixed
  • Publication: September 16, 2025

The StoreEngine is a WordPress plugin that allows users to make payments, create memberships, manage affiliates, and track sales. However, this plugin has a security vulnerability that allows attackers to upload any type of file to the website’s server. This can potentially lead to the execution of remote code, giving the attacker control over the website.

Detected in:

StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More fixed vulnerable versions: >= * <= 1.5.0
StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.