{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1750", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-02T06:58:05.355Z", "datePublished": "2026-02-15T03:24:33.787Z", "dateUpdated": "2026-04-08T16:44:05.992Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:05.992Z"}, "affected": [{"vendor": "ecwid", "product": "Ecwid by Lightspeed Ecommerce Shopping Cart", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.0.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site."}], "title": "Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d29f77c-b86d-4058-b528-27631e8a1f2e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ecwid-shopping-cart/tags/7.0.7/includes/class-ec-store-admin-access.php#L28"}, {"url": "https://plugins.trac.wordpress.org/changeset/3460721/ecwid-shopping-cart#file2"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ngoc Duc"}], "timeline": [{"time": "2026-02-14T14:30:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T21:22:24.977857Z", "id": "CVE-2026-1750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T21:22:32.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-17T21:22:24.977857Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T21:22:29.080Z"}}], "cna": {"title": "Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Ngoc Duc"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "ecwid", "product": "Ecwid by Lightspeed Ecommerce Shopping Cart", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.0.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-14T14:30:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d29f77c-b86d-4058-b528-27631e8a1f2e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/ecwid-shopping-cart/tags/7.0.7/includes/class-ec-store-admin-access.php#L28"}, {"url": "https://plugins.trac.wordpress.org/changeset/3460721/ecwid-shopping-cart#file2"}], "descriptions": [{"lang": "en", "value": "The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:05.992Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1750", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:44:05.992Z", "dateReserved": "2026-02-02T06:58:05.355Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-15T03:24:33.787Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site."}, {"lang": "es", "value": "El plugin Ecwid by Lightspeed Ecommerce Shopping Cart para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 7.0.7, inclusive. Esto se debe a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'save_custom_user_profile_fields'. Esto permite que atacantes autenticados, con permisos m\u00ednimos como un suscriptor, suministren el par\u00e1metro 'ec_store_admin_access' durante una actualizaci\u00f3n de perfil y obtengan acceso de administrador de tienda al sitio."}], "id": "CVE-2026-1750", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-15T04:15:54.113", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ecwid-shopping-cart/tags/7.0.7/includes/class-ec-store-admin-access.php#L28"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3460721/ecwid-shopping-cart#file2"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d29f77c-b86d-4058-b528-27631e8a1f2e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.0.7]"}}], "product": "ecwid_by_lightspeed_ecommerce_shopping_cart", "vendor": "ecwid"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T20:26:38.065083+00:00", "value": {"mitigation_remediation": ["Upgrade the Ecwid plugin to the latest version (7.0.8 or later) where the capability check has been restored.", "If an immediate upgrade is not possible, remove or restrict the ec_store_admin_access parameter from the user profile update form for roles below store manager level.", "Revoke the store manager capability from all subscribers and lower roles, ensuring only authorized users can assign store manager status.", "Monitor user activity logs for unauthorized attempts to set the ec_store_admin_access flag and block such requests."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of the Ecwid by Lightspeed Ecommerce Shopping Cart WordPress plugin through version 7.0.7 inclusive. All WordPress sites running any of these versions are susceptible until the plugin is updated to a fixed release.", "description_and_impact": "The vulnerability arises from a missing capability check in the save_custom_user_profile_fields function. Authenticated users with minimal permissions, such as subscribers, can supply the ec_store_admin_access parameter during a profile update, which grants them store manager privileges. The flaw is a classic privilege escalation issue, classified as CWE-269, allowing a low\u2011privilege user to gain higher\u2011level control over the e\u2011commerce platform.", "risk_and_exploitability": "The severity is high with a CVSS score of 8.8, yet the EPSS score of less than 1% indicates a very low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need an authenticated session and would exploit the profile\u2011update endpoint to set the ec_store_admin_access flag, thereby escalating privileges. Security teams should treat this as a high\u2011risk flaw requiring prompt remediation."}}}}, "created": "2026-02-16T09:43:18.588242+00:00", "updated": "2026-04-15T20:30:13.782235+00:00", "vendors": ["ecwid", "ecwid$PRODUCT$ecwid_by_lightspeed_ecommerce_shopping_cart", "wordpress", "wordpress$PRODUCT$wordpress"]}