Ecwid by Lightspeed Ecommerce Shopping Cart

Vulnerabilities 20Slug ecwid-shopping-cartLatest version 7.0.8WordPress.org →

Minimum safe version

7.0.8

Update to 7.0.8 or later to address 20 fixable vulnerabilities

Latest available7.0.8
High 8.8
2026-02-15< 7.0.8

Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access

EUVDWordfenceCVE
N/A
< 6.12.4

Ecwid Ecommerce Shopping Cart &lt; 6.12.4 - Missing Authorization on multiple functions

WPScan
Medium 4.3
2024-01-16< 6.12.5

CVE-2023-6292

CVEWPScan
Medium 5.4
2024-12-27< 6.12.5

WordPress Ecwid Shopping Cart Plugin <= 6.12.4 is vulnerable to Cross Site Request Forgery (CSRF)

PatchstackCVEWPScan
N/A
2023-11-28< 6.12.5

Ecwid Ecommerce Shopping Cart <= 6.12.4 - Cross-Site Request Forgery

Wordfence
N/A
2023-11-09< 6.12.4

WordPress Ecwid Shopping Cart Plugin <= 6.12.3 is vulnerable to Broken Access Control

Patchstack
N/A
2023-11-07< 6.12.4

Ecwid Ecommerce Shopping Cart <= 6.12.3 - Missing Authorization on multiple functions

Wordfence
N/A
< 6.10.23

Ecwid Shopping Cart &lt; 6.10.23 - Insufficient Access Control

WPScan
N/A
2016-08-08< 4.4.4

Ecwid Ecommerce Shopping Cart <= 4.4.3 - Unauthenticated PHP Object injection

Wordfence
N/A
< 4.4.4

Ecwid Ecommerce Shopping Cart &lt;= 4.4.3 - Unauthenticated PHP Object Injection

WPScan
N/A
2022-07-09< 6.10.23

Ecwid Ecommerce Shopping Cart <= 6.10.22 - Insufficient Access Control on Multiple AJAX Actions

Wordfence
N/A
2016-08-08< 4.4.4

WordPress Ecwid Shopping Cart Plugin <= 4.4.3 - Unauthenticated PHP Object Injection

Patchstack