CVE-2024-13795
- EPSS 0.04%
- Veröffentlicht 18.02.2025 08:15:09
- Zuletzt bearbeitet 21.02.2025 15:33:49
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() fu...
CVE-2023-51533
- EPSS 0.07%
- Veröffentlicht 28.02.2024 19:15:09
- Zuletzt bearbeitet 28.04.2025 13:13:33
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
CVE-2023-6292
- EPSS 0.13%
- Veröffentlicht 16.01.2024 16:15:13
- Zuletzt bearbeitet 02.06.2025 15:15:25
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2023-24408
- EPSS 0.1%
- Veröffentlicht 08.05.2023 15:15:10
- Zuletzt bearbeitet 21.11.2024 07:47:48
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
CVE-2023-24377
- EPSS 0.15%
- Veröffentlicht 14.02.2023 12:15:15
- Zuletzt bearbeitet 21.11.2024 07:47:44
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.
CVE-2022-2432
- EPSS 0.24%
- Veröffentlicht 06.09.2022 18:15:13
- Zuletzt bearbeitet 21.11.2024 07:00:58
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes ...