The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
This Cyber News was published on www.tenable.com. Publication date: Wed, 17 Jan 2024 03:56:03 +0000