WordPress Plugin Vulnerabilities

Ecwid Shopping Cart < 6.11.4 - Import via CSRF

Description

The plugin does not have CSRF check when importing Woo data, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
ecwid-shopping-cart
Fixed in 6.11.4

References

CVE
CVE-2023-24377

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
d1316a66-675f-432e-ab35-12312768c4cb

Timeline

Publicly Published
2023-01-27 (about 3 years ago)
Added
2023-02-14 (about 3 years ago)
Last Updated
2023-02-14 (about 3 years ago)

Other

Published
Title
Published
2025-09-22
Title
AgreeMe Checkboxes For WooCommerce <= 1.1.3 - Cross-Site Request Forgery
Published
2025-11-29
Title
sIFR <= 0.6.8.1 - Cross-Site Request Forgery
Published
2025-01-20
Title
wp-greet < 6.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-06-05
Title
Anti-Spam: Spam Protection < 2025 - Multiple Administrative Actions via CSRF
Published
2023-09-04
Title
Live News < 1.07 - Settings Update via CSRF