Ecwid Shopping Cart <= 6.11.3 - Import via CSRF
LANACOMMONVDB ID: dbc8835e-f0d9-47ca-a0c5-7133b9476069
The plugin does not have Cross-Site Request Forgery (CSRF) check when importing WooCommerce data, which could allow attackers to make logged in admins perform such action via a Cross-Site Request Forgery (CSRF) attack.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2023-01-09
- Published
- 2023-01-27
- Affected Version
- <= 6.11.3
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
