Cross Site Request Forgery Vulnerability Patched in Ecwid Ecommerce Shopping Cart Plugin


The Wordfence Threat Intelligence team started the responsible disclosure procedure on June 24, 2022, for a Cross-Site Request Forgery vulnerability we found in Ecwid Ecommerce Shopping Cart, a WordPress plugin used by more than 30,000 websites.

By using a faked request, an attacker might use this vulnerability to change some of the plugin’s more complex settings. On June 24, 2022, we used their ticketing system to try to contact the developer. Read More…