
116 matches found

Patchstack
added 2024/04/01 5:3 a.m. · 5 views

WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Ecwid Shopping Cart versions <= 6.12.10...

CVSS 6.4 · AI score 6.5 · EPSS 0.00162
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/04/01 12:0 a.m. · 17 views

WordPress Ecwid Shopping Cart Plugin <= 6.12.10 is vulnerable to Cross Site Scripting (XSS)

Software: Ecwid Shopping Cart · Type: Plugin · Vulnerable versions: <= 6.12.10 · Fixed in: 6.12.11 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-2456 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 58dc51eadb76 · Credits: Krzysztof Zając...

CVSS 6.4 · AI score 5.8 · EPSS 0.00162
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/02/28 7:15 p.m. · 1 views

CVE-2023-51533

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...

CVSS 6.1 · AI score 5.8 · EPSS 0.00069
Exploits: 0 · References: 1
NVD
added 2024/02/28 7:15 p.m. · 10 views

CVE-2023-51533

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...

CVSS 6.1 · AI score 5.5 · EPSS 0.00069
Exploits: 0 · References: 1
Prion
added 2024/02/28 7:15 p.m. · 21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...

CVSS 5.8 · AI score 7.2 · EPSS 0.00069
Exploits: 0 · References: 1
CVE
added 2024/02/28 6:38 p.m. · 118 views

CVE-2023-51533

CVE-2023-51533 affects the WordPress Ecwid Ecommerce Shopping Cart plugin (versions up to 6.12.4). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation on several AJAX-triggered functions (in includes/class-ecwid-admin-storefront-page.php). Impact invol...

CVSS 6.1 · AI score 5.6 · EPSS 0.00069
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/02/28 6:38 p.m. · 10 views

CVE-2023-51533 WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...

CVSS 5.4 · AI score 5.8 · EPSS 0.00069
Exploits: 0 · References: 1
Vulnrichment
added 2024/02/28 6:38 p.m. · 14 views

CVE-2023-51533 WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4...

CVSS 5.4 · AI score 7 · EPSS 0.00069
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-14186 · Ecwid · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart versions through 6.12.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Shopping Cart. This type of vulnerability allows an attacker to trick a user into performing...

CVSS 6.1 · AI score 7.1 · EPSS 0.00069
Exploits: 0 · References: 8
CNNVD
added 2024/02/28 12:0 a.m. · 4 views

WordPress Plugin Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

CVSS 6.1 · AI score 6.8 · EPSS 0.00069
Exploits: 0 · References: 2
OSV
added 2024/01/16 4:15 p.m. · 2 views

CVE-2023-6292

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 5.8 · EPSS 0.00125
Exploits: 2 · References: 1
NVD
added 2024/01/16 4:15 p.m. · 13 views

CVE-2023-6292

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 4.5 · EPSS 0.00125
Exploits: 2 · References: 1
CVE
added 2024/01/16 3:57 p.m. · 48 views

CVE-2023-6292

CVE-2023-6292 affects the Ecwid Ecommerce Shopping Cart WordPress plugin prior to 6.12.5. The issue is a missing CSRF check when updating plugin settings, allowing a logged-in admin to be coerced into changing settings via a CSRF attack. The core vulnerability lies in missing nonce/CSRF validatio...

CVSS 4.3 · AI score 4.6 · EPSS 0.00125
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/01/16 3:57 p.m. · 7 views

CVE-2023-6292 Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

AI score 4.5 · EPSS 0.00125
Exploits: 2 · References: 1
Cvelist
added 2024/01/16 3:57 p.m. · 10 views

CVE-2023-6292 Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

AI score 4.9 · EPSS 0.00125
Exploits: 2 · References: 1
CNNVD
added 2024/01/16 12:0 a.m. · 3 views

WordPress plugin Ecwid Ecommerce Shopping Cart security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...

CVSS 4.3 · AI score 6.6 · EPSS 0.00125
Exploits: 2 · References: 2
Positive Technologies
added 2024/01/16 12:0 a.m. · 2 views

PT-2024-14926 · WordPress · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart WordPress plugin versions prior to 6.12.5. Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3 · AI score 4.4 · EPSS 0.00125
Exploits: 2 · References: 6
WPVulnDB
added 2024/01/04 12:0 a.m. · 32 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery

Description: The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.4. This is due to missing nonce validation on several functions hooked via AJAX in the /includes/class-ecwid-admin-storefront-page.php. This...

CVSS 6.1 · AI score 4.5 · EPSS 0.00125
Exploits: 2 · References: 1 · Affected Software: 1
Patchstack
added 2023/12/27 12:0 a.m. · 9 views

WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Ecwid Shopping Cart · Type: Plugin · Vulnerable versions: <= 6.12.4 · Fixed in: 6.12.5 · OWASP Top 10: A1: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-51533 · Patch priority: Low · CVSS severity: Low 5.4 · PSID: bab8810452b9 · Credits: Brandon Rolda...

CVSS 6.1 · AI score 6.6 · EPSS 0.00069
Exploits: 0 · References: 2 · Affected Software: 1
WPVulnDB
added 2023/12/05 12:0 a.m. · 13 views

Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC: http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug=hehehehe Besides, you can disable the...

CVSS 4.3 · AI score 6.5 · EPSS 0.00125
Exploits: 2 · Affected Software: 1