Lightspeedhq

lightspeedhq

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Ecwid Ecommerce Shopping Cart

ecwid_ecommerce_shopping_cart

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13795 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Feb 21, 2025 Feb 18, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the...Show more The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-51533 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Apr 28, 2026 Feb 28, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.
CVE-2023-6292 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Jun 2, 2025 Jan 16, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2023-24408 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Nov 21, 2024 May 8, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions.
CVE-2023-24377 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Apr 28, 2026 Feb 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.
CVE-2022-2432 1Lightspeedhq 1Ecwid Ecommerce Shopping Cart Nov 21, 2024 Sep 6, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugi...Show more The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for unauthenticated attackers to update plugin options granted they can trick a site administrator into performing an action such as clicking on a link.Show less