Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwidstorefrontsetpageslug=hehehehe Besides, you can disable the...

WordPress Ecwid Shopping Cart Plugin <= 6.12.3 is vulnerable to Broken Access Control

Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.12.3 Fixed in 6.12.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5cdd0a137b51 Credits Unknown Required privilege...

CVE-2023-24408

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

CVE-2023-24408

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

CVE-2023-24408

CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions

CVE-2023-24408 WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

CVE-2023-24408 WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.4 versions...

PT-2023-19569 · Ecwid · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin versions = 6.11.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...

Ecwid Shopping Cart < 6.11.5 - Contributor+ Stored Cross-Site Scriping

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

WordPress Ecwid Shopping Cart Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)

Software Ecwid Shopping Cart Type Plugin Vulnerable versions = 6.11.4 Fixed in 6.11.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-24408 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7c6c8f1f1f87 Credits István Márton...

CVE-2023-24377

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

CVE-2023-24377

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

CVE-2023-24377

CVE-2023-24377 affects the WordPress Ecwid Ecommerce Shopping Cart plugin up to version 6.11.3. It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to trigger actions in an admin session when a user visits a malicious page. Root cause per the sources is missing CS...

CVE-2023-24377 WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

CVE-2023-24377 WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin = 6.11.3 versions...

WordPress plugin Ecwid Ecommerce Ecwid Ecommerce Shopping Cart 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2023-19538 · Ecwid · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin versions = 6.11.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

Ecwid Shopping Cart < 6.11.4 - Import via CSRF

The plugin does not have CSRF check when importing Woo data, which could allow attackers to make logged in admins perform such action via a CSRF attack...