Monitor free

Report

New Known

Exploited

Fixed

WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.10.23 - Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update

8.8

CVSS 3.1 score High severity

Report

Monitoring Monitoring Known to be exploited Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Ecwid Shopping Cart

Type

Plugin

Vulnerable versions

<= 6.10.23

Fixed in

6.10.24

PSID

c78a3b229229

CVE ID

CVE-2022-2432

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Required privilege

Credits

Marco Wotschka

Publicly disclosed

2022-08-04

Patchstack vPatch available since

09.12.2021

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to Settings/Options update discovered by Marco Wotschka in WordPress Ecwid Ecommerce Shopping Cart plugin (versions <= 6.10.23).

Solution

Update the WordPress Ecwid Shopping Cart plugin to the latest available version (at least 6.10.24).

References