VYPR

Ecommerce Shopping Cart

by Ecwid

Source repositories

CVEs (5)

  • CVE-2022-2432HigSep 6, 2022
    risk 0.57cvss 8.8epss 0.00

    The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwid_update_plugin_params function. This makes it possible for…

  • CVE-2026-1750HigFeb 15, 2026
    risk 0.50cvss 8.8epss 0.00

    The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for…

  • CVE-2026-24613MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.

  • CVE-2026-24580MedJan 23, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

  • CVE-2024-13795MedFeb 18, 2025
    risk 0.28cvss 4.3epss 0.00

    The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it…

VYPR — Vulnerability Intelligence