CVE-2025-32195

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Stored XSS.This issue affects Ecwid Shopping Cart: from n/a through = 7.0...

CVE-2025-32195 WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Stored XSS.This issue affects Ecwid Shopping Cart: from n/a through = 7.0...

CVE-2025-32195

CVE-2025-32195 – Ecwid by Lightspeed Ecommerce Shopping Cart: Stored XSS in Ecwid Shopping Cart (affects versions up to 7.0). Root cause: improper input neutralization during web page generation. Impact: confidentiality, integrity, and availability can be affected (per CVSS v3.1: AV:N/AC:L/PR:L/U...

CVE-2025-32195 WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Stored XSS.This issue affects Ecwid Shopping Cart: from n/a through = 7.0...

WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ngô Thiên An ancorn from VNPT-VCI in WordPress Plugin Ecwid Shopping Cart versions = 7.0...

WordPress plugin Ecwid Shopping Cart 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-14977 · Ecwid · Ecwid Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Shopping Cart versions n/a through 7.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versio...

CVE-2024-13795

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVE-2024-13795

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVE-2024-13795

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVE-2024-13795 Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVE-2024-13795

CVE-2024-13795 affects Ecwid by Lightspeed Ecommerce Shopping Cart for WordPress. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation in ecwid_deactivate_feedback(). Impact: unauthenticated attacker can trigger deactivation messages on behalf of the site owner by d...

CVE-2024-13795 Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

WordPress plugin Ecwid by Lightspeed Ecommerce Shopping Cart 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Ecwid by...

WordPress Ecwid by Lightspeed Ecommerce Shopping Cart plugin <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message vulnerability

Cross-Site Request Forgery to Send Deactivation Message vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Ecwid Shopping Cart versions = 6.12.27...

CVE-2022-2432

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwidupdatepluginparams function. This makes it possible for unauthenticated attackers to updat...

CVE-2024-2456

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2456 Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-20450 · WordPress · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.12.10 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...

WordPress Plugin Ecwid Ecommerce Shopping Cart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...