CVE-2023-6292 Information

Description

The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings which could allow attackers to make a logged in admin change them via a CSRF attack.

Reference

https://wpscan.com/vulnerability/d4cf799e-2571-4b96-a303-78dcafbfcf40/