WordPress Plugin Vulnerabilities

Ecwid Ecommerce Shopping Cart < 6.12.4 - Missing Authorization on multiple functions

Description

The plugin is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages.

Affects Plugins

Plugin icon
ecwid-shopping-cart
Fixed in 6.12.4

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d5bc99-2b55-4e19-8304-e56f3d4a2f1a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
d7dac967-6e77-450a-9fcc-acffa42b57fc

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2024-01-12 (about 2 years ago)

Other

Published
Title
Published
2025-04-23
Title
Flynax Bridge < 2.2.1 - Unauthenticated Privilege Escalation via Account Takeover
Published
2025-01-31
Title
WordPress Contact Forms by Cimatti < 1.9.5 - Missing Authorization to Unauthenticated Form Submission Download
Published
2026-02-18
Title
Aruba HiSpeed Cache < 3.0.3 - Missing Authorization to Unauthenticated Plugin's Settings Modification
Published
2025-09-01
Title
Miraculous < 2.0.9 - Missing Authorization to Unauthenticated Arbitrary Content Deletion
Published
2024-10-25
Title
Download Monitor < 5.0.13 - Missing Authorization to API Key Manipulation