CVE-2026-1750

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/ecwid-shopping-cart/tags/7.0.7/includes/class-ec-store-admin-access.php#L28
https://plugins.trac.wordpress.org/changeset/3460721/ecwid-shopping-cart#file2
https://www.wordfence.com/threat-intel/vulnerabilities/id/2d29f77c-b86d-4058-b528-27631e8a1f2e?source=cve

Configurations

No configuration.

History

18 Feb 2026, 17:52

Type	Values Removed	Values Added
Summary		(es) El plugin Ecwid by Lightspeed Ecommerce Shopping Cart para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 7.0.7, inclusive. Esto se debe a una comprobación de capacidad faltante en la función 'save_custom_user_profile_fields'. Esto permite que atacantes autenticados, con permisos mínimos como un suscriptor, suministren el parámetro 'ec_store_admin_access' durante una actualización de perfil y obtengan acceso de administrador de tienda al sitio.

15 Feb 2026, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-15 04:15

Updated : 2026-02-18 17:52

NVD link : CVE-2026-1750

Mitre link : CVE-2026-1750

CVE.ORG link : CVE-2026-1750

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

8.8 /10