CVE-2023-6292
Ecwid Ecommerce Shopping Cart < 6.12.5 - Arbitrary Plugin Settings Change via CSRF
The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
We have discovered 989 live websites that are affected by CVE-2023-6292.
Affected Software
| Product |  Ecwid Ecommerce Shopping Cart |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 124 |
| Vulnerable Domains | 989 live websites (35.15% of Ecwid Ecommerce Shopping Cart install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-6292 and the relative popularity of websitesDetails
- Published - Jan 16, 2024
- Updated - Jan 16, 2024
Credits
- Krzysztof Zając (CERT PL) (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 506 websites |
 GB | 72 websites |
 Germany | 69 websites |
 Italy | 45 websites |
 Canada | 41 websites |
 Australia | 32 websites |
 Russia | 30 websites |
 France | 24 websites |
 Netherlands | 19 websites |
 South Africa | 16 websites |
TLDs
| .com | 581 websites |
| .org | 90 websites |
| .co.uk | 40 websites |
| .de | 32 websites |
| .it | 26 websites |
| .com.au | 26 websites |
| .net | 19 websites |
| .ru | 17 websites |
| .nl | 15 websites |
| .ca | 15 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-6292 through included software libraries and plugins.Websites affected by CVE-2023-6292
Top websites that are affected by CVE-2023-6292. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.****.org | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| *********.com | ***,*** | ||
| ***.*************************.org | United States | ***,*** | |
| *************.org | United States | ***,*** | |
| *****************.org | United States | ***,*** | |
| ***.*********.com | United States | ***,*** | |
| **********************.com |  Cyprus | ***,*** | |
| ********.com | Russia | ***,*** | |
| ******************.org | United States | ***,*** |