Lucene search
WpvulndbWPVDB-ID:334A376E-690F-492E-9E98-387A68C26595HistoryJan 04, 2024 - 12:00 a.m.
Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery
2024-01-0400:00:00
wpscan.com
18
ecwid
wordpress
cross-site request forgery
Description The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.4. This is due to missing nonce validation on several functions hooked via AJAX in the ~/includes/class-ecwid-admin-storefront-page.php. This makes it possible for unauthenticated attackers to modify several of the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-6292 may be a duplicate of this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 6.12.5 |
Related
nvd
nvd
CVE-2023-51533
2024-02-28 19:15:09
CVE-2023-6292
2024-01-16 16:15:13
prion
prion
Cross site request forgery (csrf)
2024-02-28 19:15:00
Cross site request forgery (csrf)
2024-01-16 16:15:00
cvelist
cvelist
vulnrichment
vulnrichment
cve
cve
CVE-2023-51533
2024-02-28 19:15:09
CVE-2023-6292
2024-01-16 16:15:13
wpvulndb
wpvulndb
wpexploit
wpexploit
4.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:334A376E-690F-492E-9E98-387A68C26595