CVE-2025-28093

Name of the Vulnerable Software and Affected Versions ShopXO version 6.4.0

Description The issue is related to Server-Side Request Forgery (SSRF) in the Email Settings. This means an attacker could potentially forge requests from the server, leading to unauthorized access to internal systems or data.

Recommendations For ShopXO version 6.4.0, as a temporary workaround, consider restricting access to the Email Settings until a patch is available. Additionally, review server configurations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.