CVE-2023-6292

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Jan 23, 2024

CWE ID 352

Summary

CVE-2023-6292 is a vulnerability affecting the Ecwid Ecommerce Shopping Cart plugin for WordPress. Prior to version 6.12.5, this plugin lacked Cross-Site Request Forgery (CSRF) protection during setting updates. Consequently, an attacker could exploit this vulnerability to manipulate admin settings by tricking a logged-in user into clicking on a malicious link, posing a significant security risk for WordPress sites using the Ecwid plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Lightspeed Commerce

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tjOpXf
https://www.cve.org/CVERecord?id=CVE-2023-6292
https://nvd.nist.gov/vuln/detail/CVE-2023-6292

Back to Vulnerability Database

CVE-2023-6292

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations