CVSS 3.1 Score 4.3 of 10 (medium)


Published Jan 16, 2024
Updated: Jan 23, 2024
CWE ID 352


CVE-2023-6292 is a vulnerability affecting the Ecwid Ecommerce Shopping Cart WordPress plugin before version 6.12.5. The plugin does not perform a CSRF (Cross-Site Request Forgery) check when updating its settings, so an attacker can make a logged-in admin change those settings via a CSRF attack. The danger to an organization is unauthorized changes to the plugin's settings, potentially compromising the security and integrity of the website. To remediate this vulnerability, update the Ecwid Ecommerce Shopping Cart WordPress plugin to version 6.12.5 or later, which includes the necessary CSRF checks for secure configuration updates.
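
The class of bug described above, shown as an added example: a WordPress settings handler without a CSRF check beside the same handler with a nonce check. This is not code from the Ecwid plugin; the function, option, action and field names (all prefixed example_) are hypothetical, and only the WordPress core functions are real.

```php
<?php
// Added illustration, not Ecwid plugin code. All example_* names are assumptions.

// BEFORE: capability check only. The browser attaches the admin's session
// cookie to any request, so a request forged from another site passes it.
function example_save_settings_unsafe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $store_id = sanitize_text_field( wp_unslash( $_POST['store_id'] ?? '' ) );
    update_option( 'example_store_id', $store_id );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}

// AFTER: the request must also carry a nonce bound to this action and to the
// current user's session. A forged request cannot supply it.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Terminates the request unless $_REQUEST['_example_nonce'] is a valid
    // nonce for the 'example_save_settings' action.
    check_admin_referer( 'example_save_settings', '_example_nonce' );

    $store_id = sanitize_text_field( wp_unslash( $_POST['store_id'] ?? '' ) );
    update_option( 'example_store_id', $store_id );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
// Only the hardened handler is registered.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );

// The settings form emits the matching nonce as a hidden field.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', '_example_nonce' ); ?>
        <input type="text" name="store_id"
               value="<?php echo esc_attr( get_option( 'example_store_id', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this weakness, check that every state-changing admin handler pairs its capability check with a nonce check such as check_admin_referer() or wp_verify_nonce().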
