2 matches found
CVE-2024-2456
The CVE-2024-2456 entry for Ecwid Ecommerce Shopping Cart (WordPress) describes a Stored XSS via plugin shortcodes in versions up to 6.12.10 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication at contributor level or higher,...
WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)
Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.12.10 Fixed in 6.12.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2456 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 58dc51eadb76 Credits Krzysztof Zając...