Lucene search

K
wpvulndbWpvulndbWPVDB-ID:D1316A66-675F-432E-AB35-12312768C4CB
HistoryJan 27, 2023 - 12:00 a.m.

Ecwid Shopping Cart < 6.11.4 - Import via CSRF

2023-01-2700:00:00
wpscan.com
12
ecwid
shopping cart
csrf
vulnerability
woo data
import
security

EPSS

0.001

Percentile

33.1%

The plugin does not have CSRF check when importing Woo data, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affected configurations

Vulners
Node
lightspeedhqecwid_ecommerce_shopping_cartRange<6.11.4wordpress
VendorProductVersionCPE
lightspeedhqecwid_ecommerce_shopping_cart*cpe:2.3:a:lightspeedhq:ecwid_ecommerce_shopping_cart:*:*:*:*:*:wordpress:*:*

EPSS

0.001

Percentile

33.1%

Related for WPVDB-ID:D1316A66-675F-432E-AB35-12312768C4CB