CVE-2025-32576

Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting the CSRF vulnerability in the affected software.

Recommendations: For Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0, consider disabling any functionality that allows file uploads until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using the affected WP shop until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.