Fixed

WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.10.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update

CVSS 3.1 score: 8.8 (High severity)

Type: Plugin
Vulnerable versions: <= 6.10.23
Fixed in: 6.10.24
PSID: c78a3b229229
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Publicly disclosed: 2022-08-04

Details

A Cross-Site Request Forgery (CSRF) vulnerability leading to a Settings/Options update was discovered by Marco Wotschka in the WordPress Ecwid Ecommerce Shopping Cart plugin (versions <= 6.10.23).

Solution

Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24).
