EverShop — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in EverShop, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2026-28213	EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response CWE-200	9.8	Critical	2026-02-26
CVE-2026-25993	EverShop has a Second-Order SQL Injection in URL Rewrite Processing Derived from Category URL Keys CWE-89	9.8^AI	Critical^AI	2026-02-10
CVE-2025-12919	EverShop Order Order.resolvers.js resource injection CWE-99	3.7	Low	2025-11-09

All 3 known CVE vulnerabilities affecting EverShop with full Chinese analysis, references, and POCs where available.