Lightspeedhq Ecwid Ecommerce Shopping Cart vulnerabilities
6 known vulnerabilities affecting lightspeedhq/ecwid_ecommerce_shopping_cart.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2023-24377 | P4 | HIGH | CWE-352 | CVSS 8.8 | fixed in 6.11.4 | 2023-02-14
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.
nvd
CVE-2023-24408 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | fixed in 6.11.5 | 2023-05-08
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
nvd
CVE-2023-51533 | P4 | MEDIUM | CWE-352 | CVSS 6.1 | fixed in 6.12.5 | 2024-02-28
Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart. This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
nvd
CVE-2024-13795 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | fixed in 6.12.28 | 2025-02-18
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf
nvd
CVE-2022-2432 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | ≤ 6.10.23 | 2022-09-06
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site admini
nvd
CVE-2023-6292 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | fixed in 6.12.5 | 2024-01-16
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
nvd