6 matches found
CVE-2023-51533
CVE-2023-51533 affects the WordPress Ecwid Ecommerce Shopping Cart plugin (versions up to 6.12.4). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation on several AJAX-triggered functions (in includes/class-ecwid-admin-storefront-page.php). Impact invol...
CVE-2022-2432
The CVE-2022-2432 entry concerns the Ecwid Ecommerce Shopping Cart WordPress plugin (versions up to 6.10.23). The underlying issue is missing or incorrect nonce validation in the ecwid_update_plugin_params function, enabling Cross-Site Forgery requests to update plugin settings. Impact described ...
CVE-2023-6292
CVE-2023-6292 affects the Ecwid Ecommerce Shopping Cart WordPress plugin prior to 6.12.5. The issue is a missing CSRF check when updating plugin settings, allowing a logged-in admin to be coerced into changing settings via a CSRF attack. The core vulnerability lies in missing nonce/CSRF validatio...
CVE-2024-13795
CVE-2024-13795 affects Ecwid by Lightspeed Ecommerce Shopping Cart for WordPress. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation in ecwid_deactivate_feedback(). Impact: unauthenticated attacker can trigger deactivation messages on behalf of the site owner by d...
CVE-2023-24377
CVE-2023-24377 affects the WordPress Ecwid Ecommerce Shopping Cart plugin up to version 6.11.3. It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to trigger actions in an admin session when a user visits a malicious page. Root cause per the sources is missing CS...
CVE-2023-24408
CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions