CVE-2024-13795

4.3 MEDIUM

📋 TL;DR

This cross-site request forgery (CSRF) flaw in the Ecwid Ecommerce Shopping Cart WordPress plugin affects the plugin's deactivation-feedback handler, which accepts the request without the nonce check WordPress uses as its CSRF protection. An attacker with no account on the site lures a logged-in administrator to a page that auto-submits the request; the administrator's browser attaches the site's auth cookies, and deactivation feedback chosen by the attacker is sent to the vendor in the site's name. All WordPress sites running plugin versions up to and including 6.12.27 are affected.

💻 Affected Systems

Products:
  • Ecwid by Lightspeed Ecommerce Shopping Cart WordPress plugin
Versions: All versions up to and including 6.12.27
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the Ecwid plugin active. Requires a logged-in administrator to visit an attacker-controlled page (for example by following a link) while their wp-admin session is valid.

📦 What is this software?

Ecwid by Lightspeed is a hosted e-commerce platform. The WordPress plugin (slug ecwid-shopping-cart) embeds an Ecwid storefront into a WordPress site and adds the plugin's settings and deactivation-feedback screens to wp-admin.

⚠️ Risk & Real-World Impact

🔴

Worst Case

In a CSRF attack the forged request's content is chosen by the attacker, not the administrator, so the worst case is a message delivered to the plugin developers in the site's name (for example a fabricated complaint or a misleading "we are leaving because of X" report), together with whatever site identification the feedback call normally includes. No site data is read by the attacker and no site setting is changed.

🟠

Likely Case

Attackers could submit false deactivation reports that skew the vendor's support or product decisions or misrepresent the site; no data theft or site compromise results from this flaw alone.

🟢

If Mitigated

With proper CSRF protections and user awareness, the risk is limited to nuisance-level attacks with minimal operational impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (the attacker needs no account; the request is forged through a logged-in administrator's browser)
Complexity: LOW

Exploitation requires social engineering: the attacker hosts a page that auto-submits the deactivation-feedback request and lures a logged-in administrator to it. There is no authentication bypass and no code execution; the attacker's gain is a feedback message delivered to the vendor in the site's name.
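The bug class behind this CVE, shown as an added illustrative example rather than Ecwid's actual code: an admin-ajax handler that acts for the logged-in user with no nonce check (the "before"), beside the hardened form that mints a nonce for the plugin's own script and verifies it with check_ajax_referer(). All names prefixed example_ and the vendor endpoint URL are assumptions chosen for the demonstration; the two handlers are registered under different action names so the file runs as one plugin.

```php
<?php
/**
 * Plugin Name: CSRF bug-class demo (added example, not Ecwid's code)
 * The example_* names and the vendor endpoint are assumptions for this demo.
 */

// Assumption: some HTTPS endpoint operated by the plugin vendor.
const EXAMPLE_FEEDBACK_ENDPOINT = 'https://vendor.example/feedback';

function example_send_feedback_to_vendor( $reason, $message ) {
    return wp_remote_post( EXAMPLE_FEEDBACK_ENDPOINT, array(
        'timeout' => 5,
        'body'    => array(
            'site'    => home_url(),
            'reason'  => $reason,
            'message' => $message,
        ),
    ) );
}

// ---------------------------------------------------------------------------
// BEFORE: vulnerable handler. Nothing ties the request to a page the admin
// actually loaded, so a form on attacker.example that auto-POSTs to
// /wp-admin/admin-ajax.php?action=example_feedback_vulnerable is accepted:
// the browser attaches the admin's auth cookies and WordPress runs the
// handler as that admin, with attacker-chosen reason and message.
// ---------------------------------------------------------------------------
add_action( 'wp_ajax_example_feedback_vulnerable', 'example_feedback_vulnerable' );
function example_feedback_vulnerable() {
    $reason  = isset( $_POST['reason'] ) ? sanitize_text_field( wp_unslash( $_POST['reason'] ) ) : '';
    $message = isset( $_POST['message'] ) ? sanitize_textarea_field( wp_unslash( $_POST['message'] ) ) : '';
    example_send_feedback_to_vendor( $reason, $message ); // sent in the site's name
    wp_send_json_success();
}

// ---------------------------------------------------------------------------
// AFTER: hardened handler. The nonce is minted server-side for the logged-in
// user and handed only to the plugin's own admin script; a cross-site page
// cannot read it, so it cannot build a request that passes the check.
// ---------------------------------------------------------------------------
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'plugins.php' !== $hook ) {
        return; // the deactivation dialog only lives on the Plugins screen
    }
    wp_enqueue_script( 'example-feedback', plugins_url( 'feedback.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-feedback', 'exampleFeedback', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_feedback' ),
    ) );
    // feedback.js (not shown) posts:
    // { action: 'example_feedback', nonce: exampleFeedback.nonce, reason: ..., message: ... }
} );

add_action( 'wp_ajax_example_feedback', 'example_feedback_hardened' );
function example_feedback_hardened() {
    // Missing, foreign or expired nonce: WordPress answers "-1" with HTTP 403 and stops here.
    check_ajax_referer( 'example_feedback', 'nonce' );
    // A nonce proves the request came from our own page, not that the user may act;
    // check the capability separately.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $reason  = isset( $_POST['reason'] ) ? sanitize_text_field( wp_unslash( $_POST['reason'] ) ) : '';
    $message = isset( $_POST['message'] ) ? sanitize_textarea_field( wp_unslash( $_POST['message'] ) ) : '';
    $result  = example_send_feedback_to_vendor( $reason, $message );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 502 );
    }
    wp_send_json_success();
}
```

The input sanitisation in the vulnerable handler is deliberately left in place to make the point that sanitising fields does nothing against CSRF: the problem is not what the request contains but that the server cannot tell the administrator's own page from an attacker's page sending it. The nonce fixes exactly that, and check_ajax_referer() is the one-line WordPress idiom for it.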

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.12.28 or later

Fix changeset (WordPress.org plugin Trac): https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3241777%40ecwid-shopping-cart&new=3241777%40ecwid-shopping-cart&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Ecwid Ecommerce Shopping Cart.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress plugin repository and upload it manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation


Deactivate the Ecwid plugin until it is patched. The vulnerable handler is registered only while the plugin is active, so deactivating removes the attack surface, but it also takes the Ecwid storefront offline; treat this as a short-term measure for sites that cannot update immediately.

wp plugin deactivate ecwid-shopping-cart

🧯 If You Can't Patch

  • Do not rely on Content Security Policy for this: CSP governs what your own pages may load, not what other sites' pages may send to your endpoints, so it does not stop CSRF. Instead, reject requests to /wp-admin/admin-ajax.php carrying action=ecwid_deactivate_feedback whose Origin or Referer host is not the site's own, either at a WAF or in a small must-use plugin
  • Limit exposure of wp-admin: restrict it by source IP or VPN where practical, and have administrators use a separate browser profile for site administration and log out when finished, so a lure page finds no session to ride
  • Educate administrators about phishing risks and safe browsing practices
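One way to implement the same-origin gate above, as an added example (not Ecwid's code and not an official workaround): a must-use plugin that intercepts admin-ajax requests for the affected action, allows them only when the Origin (or, failing that, Referer) host matches the site's own host, and otherwise logs a tagged line and answers 403. It assumes the ajax action is named ecwid_deactivate_feedback, as this page's detection section states; the guard action constant, function names and log line format are this example's own.

```php
<?php
/**
 * Plugin Name: Temporary CSRF guard for Ecwid deactivation feedback (added example)
 * Description: Drop into wp-content/mu-plugins/ until Ecwid is updated to 6.12.28 or later,
 *              then delete. Assumes the affected admin-ajax action is named
 *              ecwid_deactivate_feedback. Not Ecwid's own code.
 */

// Assumption: the admin-ajax action to guard matches the name in this page's log indicators.
const ECWID_CSRF_GUARD_ACTION = 'ecwid_deactivate_feedback';

/**
 * Host named by the request's Origin header, falling back to Referer;
 * '' when neither header is present or neither parses.
 */
function ecwid_csrf_guard_request_host( array $server ) {
    foreach ( array( 'HTTP_ORIGIN', 'HTTP_REFERER' ) as $key ) {
        if ( ! empty( $server[ $key ] ) ) {
            $host = wp_parse_url( $server[ $key ], PHP_URL_HOST );
            return is_string( $host ) ? strtolower( $host ) : '';
        }
    }
    return '';
}

/**
 * Allow the guarded request only when it demonstrably comes from our own origin.
 * A forged request from attacker.example carries that host; a request with neither
 * header cannot be vouched for; both are refused.
 */
function ecwid_csrf_guard_is_allowed( array $server, $site_host ) {
    $host = ecwid_csrf_guard_request_host( $server );
    return '' !== $host && $host === strtolower( (string) $site_host );
}

// admin-ajax.php fires admin_init before dispatching wp_ajax_* handlers, so a
// priority-0 hook here runs ahead of the plugin's own handler.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( ECWID_CSRF_GUARD_ACTION !== $action ) {
        return;
    }
    $site_host = wp_parse_url( home_url(), PHP_URL_HOST );
    if ( ecwid_csrf_guard_is_allowed( $_SERVER, $site_host ) ) {
        return;
    }
    // Log line format is this example's own; a SIEM rule can key on the ECWID_CSRF_BLOCKED tag.
    error_log( sprintf(
        'ECWID_CSRF_BLOCKED action=%s ip=%s origin_host=%s user=%d',
        $action,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        ecwid_csrf_guard_request_host( $_SERVER ) ?: '-',
        get_current_user_id()
    ) );
    wp_die( 'Cross-site request rejected.', 'Forbidden', array( 'response' => 403 ) );
}, 0 );
```

Two caveats. Origin/Referer checking is a mitigation, not a substitute for the nonce the real fix adds: a browser or privacy extension that strips both headers will also have its legitimate feedback submission blocked, which is an acceptable loss here because the only thing lost is a deactivation survey. And the guard matches the exact action name, so confirm it against the plugin's own registration (grep the plugin source for wp_ajax_) before relying on it.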

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Ecwid Ecommerce Shopping Cart → Version. If the version is 6.12.27 or lower, the site is vulnerable.

Check Version:

wp plugin get ecwid-shopping-cart --field=version

Verify Fix Applied:

After updating, verify version is 6.12.28 or higher in WordPress admin plugins page.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php carrying action=ecwid_deactivate_feedback. The action is normally sent in the POST body, which web-server access logs do not record, so log it at the application or WAF layer; only query-string usage shows up in access logs
  • Feedback submissions that are not preceded, in the same session, by a request to /wp-admin/plugins.php (the screen a legitimate submission comes from), or several submissions in a short window

Network Indicators:

  • Requests to wp-admin endpoints whose Origin or Referer header names a host other than the site's own, or carries neither header; a legitimate deactivation-feedback submission is made from the Plugins screen, so its Referer is the site's own /wp-admin/plugins.php

SIEM Query:

source="wordpress.log" AND "ecwid_deactivate_feedback" AND status=200

A status of 200 means the handler ran and the feedback was sent; once the plugin is patched, a forged request fails the nonce check and is rejected before the handler runs, so hits on this query after the update deserve a look.
