Lucene search
+L
LightspeedhqEcwid Ecommerce Shopping Cart

6 matches found

CVE
CVE
added 2024/02/28 6:38 p.m.122 views

CVE-2023-51533

CVE-2023-51533 affects the WordPress Ecwid Ecommerce Shopping Cart plugin (versions up to 6.12.4). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation on several AJAX-triggered functions (in includes/class-ecwid-admin-storefront-page.php). Impact invol...

6.1CVSS5.6AI score0.00183EPSS
CVE
CVE
added 2022/09/06 5:18 p.m.75 views

CVE-2022-2432

The CVE-2022-2432 entry concerns the Ecwid Ecommerce Shopping Cart WordPress plugin (versions up to 6.10.23). The underlying issue is missing or incorrect nonce validation in the ecwid_update_plugin_params function, enabling Cross-Site Forgery requests to update plugin settings. Impact described ...

8.8CVSS4.7AI score0.00482EPSS
CVE
CVE
added 2024/01/16 3:57 p.m.55 views

CVE-2023-6292

CVE-2023-6292 affects the Ecwid Ecommerce Shopping Cart WordPress plugin prior to 6.12.5. The issue is a missing CSRF check when updating plugin settings, allowing a logged-in admin to be coerced into changing settings via a CSRF attack. The core vulnerability lies in missing nonce/CSRF validatio...

4.3CVSS4.6AI score0.00217EPSS
Web
CVE
CVE
added 2025/02/18 7:28 a.m.50 views

CVE-2024-13795

CVE-2024-13795 affects Ecwid by Lightspeed Ecommerce Shopping Cart for WordPress. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation in ecwid_deactivate_feedback(). Impact: unauthenticated attacker can trigger deactivation messages on behalf of the site owner by d...

4.3CVSS6.5AI score0.00176EPSS
CVE
CVE
added 2023/02/14 11:18 a.m.48 views

CVE-2023-24377

CVE-2023-24377 affects the WordPress Ecwid Ecommerce Shopping Cart plugin up to version 6.11.3. It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to trigger actions in an admin session when a user visits a malicious page. Root cause per the sources is missing CS...

8.8CVSS6.6AI score0.00264EPSS
CVE
CVE
added 2023/05/08 2:36 p.m.47 views

CVE-2023-24408

CVE-2023-24408 affects the Ecwid Ecommerce Shopping Cart WordPress plugin, where a Stored XSS vulnerability can be triggered in versions

6.5CVSS5.3AI score0.00387EPSS