Ecwid Ecommerce Shopping Cart, CVE-2023-6292

CVE, Research URL: CVE-2023-6292
Home page URL: Security reports for Ecwid Ecommerce Shopping Cart
Application: Ecwid Ecommerce Shopping Cart
Published on: Jan 16, 2024
Research Description: The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
Affected versions: Min -, max 6.12.5.
Status: vulnerable