35 matches found
EUVD-2023-28464
Malicious code in bioql PyPI...
EUVD-2023-28433
Malicious code in bioql PyPI...
EUVD-2024-27405
Malicious code in bioql PyPI...
EUVD-2022-34693
Malicious code in bioql PyPI...
EUVD-2023-56245
Malicious code in bioql PyPI...
CVE-2023-51533
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...
CVE-2023-6292
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2023-24408
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...
CVE-2022-2432
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwidupdatepluginparams function. This makes it possible for unauthenticated attackers to updat...
CVE-2024-2456
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2456 Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...
CVE-2023-51533
CVE-2023-51533 affects the WordPress Ecwid Ecommerce Shopping Cart plugin (versions up to 6.12.4). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation on several AJAX-triggered functions (in includes/class-ecwid-admin-storefront-page.php). Impact invol...
WordPress Plugin Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
CVE-2023-6292 Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
PT-2024-14926 · WordPress · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart WordPress plugin versions prior to 6.12.5. Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug&slug=hehehehe Besides, you can disable the...