116 matches found
WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Ecwid Shopping Cart; Type: Plugin; Vulnerable versions: <= 6.11.3; Fixed in: 6.11.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-24377; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3d1f8153fcc5; Credits: István Márton...
CVE-2022-2432
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to updat...
Cross site request forgery (csrf)
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to updat...
CVE-2022-2432 Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to updat...
CVE-2022-2432
The CVE-2022-2432 entry concerns the Ecwid Ecommerce Shopping Cart WordPress plugin (versions up to 6.10.23). The underlying issue is missing or incorrect nonce validation in the ecwid_update_plugin_params function, enabling Cross-Site Request Forgery requests to update plugin settings. Impact described ...
PT-2022-16604 · Ecwid · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.10.23. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ecwid_update_plugin_params function...
WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
Description: Cross-Site Request Forgery to Settings/Options Update; Affected Plugin: Ecwid Ecommerce Shopping Cart; Plugin Slug: ecwid-shopping-cart; Affected Versions: <= 6.10.23; CVE ID: CVE-2022-2432; CVSS Score: 8.8 (High); CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; Researcher/s: Marco...
WordPress plugin Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Cross-Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin
On June 24, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a Cross-Site Request Forgery vulnerability we discovered in Ecwid Ecommerce Shopping Cart, a WordPress plugin installed on over 30,000 sites. This vulnerability made it possible for attackers...
WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.10.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update
Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update discovered by Marco Wotschka in WordPress Ecwid Ecommerce Shopping Cart plugin versions <= 6.10.23. Solution: Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24)...
Ecwid Ecommerce Shopping Cart < 6.10.24 - Settings Update via CSRF
The plugin does not correctly check for CSRF when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Ecwid - Customized SSL, Exported ContentProvider, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Ecwid published at the 'play' market has multiple vulnerabilities...
WordPress Ecwid Shopping Cart Plugin <= 4.4.3 - Unauthenticated PHP Object Injection
Because of this vulnerability, attackers can execute arbitrary PHP code. Solution: Update the plugin...
Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object Injection
The Ecwid Ecommerce Shopping Cart WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...