Ecwid Ecommerce Shopping Cart Security Vulnerabilities and Issues — Ecwid Ecommerce Shopping Cart CVE List

Lucene search

LightspeedhqEcwid Ecommerce Shopping Cart

6 matches found

CVE•added 2024/02/28 7:15 p.m.•107 views

CVE-2023-51533

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.

6.1CVSS5.4AI score0.00069EPSS

CVE•added 2022/09/06 6:15 p.m.•54 views

CVE-2022-2432

The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to upda...

8.8CVSS4.7AI score0.00176EPSS

CVE•added 2025/02/18 8:15 a.m.•38 views

CVE-2024-13795

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticate...

4.3CVSS6.5AI score0.00011EPSS

CVE•added 2023/02/14 12:15 p.m.•37 views

CVE-2023-24377

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin

8.8CVSS6.6AI score0.0007EPSS

CVE•added 2024/01/16 4:15 p.m.•34 views

CVE-2023-6292

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

4.3CVSS4.6AI score0.00125EPSS

CVE•added 2023/05/08 3:15 p.m.•31 views

CVE-2023-24408

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin

6.5CVSS5.3AI score0.00077EPSS