Ecwid By Lightspeed Ecommerce Shopping Cart vulnerabilities
3 known vulnerabilities affecting ecwid/ecwid_by_lightspeed_ecommerce_shopping_cart.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2026-1750 [HIGH] CWE-269 | P2 | CVSS 8.8 | ≤ 7.0.7 | 2026-02-15
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply t
nvd
CVE-2024-2456 [MEDIUM] CWE-79 | P4 | CVSS 6.4 | ≤ 6.12.10 | 2024-04-09
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permiss
nvd
CVE-2024-13795 [MEDIUM] CWE-352 | P4 | CVSS 4.3 | ≤ 6.12.27 | 2025-02-18
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf
nvd