CVE-2023-24377

WordPress Ecwid Shopping Cart Plugin <= 6.11.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions.

We have discovered 614 live websites that are affected by CVE-2023-24377.

Affected Software


Product	Ecwid Ecommerce Shopping Cart
Category	Wordpress Plugins
Vulnerable Versions	from 0 through 6.11.3
Total Vulnerable Versions	124
Vulnerable Domains	614 live websites (21.82% of Ecwid Ecommerce Shopping Cart install base)

Common Weakness Enumeration

CWE-352 Cross-Site Request Forgery (CSRF)

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-24377 and the relative popularity of websites

Available Reports

Website List

Details

Published - Feb 14, 2023
Updated - Feb 14, 2023

Credits

Lana Codes (Patchstack Alliance) (finder)

CWE

CWE-352

CVE References

CWE References

cwe.mitre.org

Countries

United States	322 websites

GB	40 websites
Germany	39 websites
Italy	26 websites
Canada	25 websites
Russia	21 websites
Australia	19 websites
South Africa	13 websites
France	12 websites
Belgium	11 websites

TLDs

.com	362 websites
.org	55 websites
.co.uk	22 websites
.de	20 websites
.it	16 websites
.com.au	16 websites
.ru	14 websites
.net	13 websites
.be	9 websites
.ca	9 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-24377 through included software libraries and plugins.

References

https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-11-3-cross-site-request-forgery-csrf?_s_id=cve

Websites affected by CVE-2023-24377

Top websites that are affected by CVE-2023-24377. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
*.**.org	United States	*,*
**************.com	United States	*,*
*************.org	United States	*,*
*****************.org	United States	*,*
*.*******.com	United States	*,*
**********************.com	Cyprus	*,*
********.com	Russia	*,*
******************.org	United States	*,*
****.org	United States	*,*
**********.org	United States	*,*

See full domain list