CVE-2026-1750 | Ecwid by Lightspeed Ecommerce Shopping Cart Plugin save_custom_user_profile_fields privilege escalation

Inserito da Angelo Barbosa | Feb 14, 2026 | CVE

A vulnerability labeled as critical has been found in Ecwid by Lightspeed Ecommerce Shopping Cart Plugin up to 7.0.7 on WordPress. Affected by this vulnerability is the function save_custom_user_profile_fields. The manipulation of the argument ec_store_admin_access results in privilege escalation.

This vulnerability is cataloged as CVE-2026-1750. The attack may be launched remotely. There is no exploit available.

CVE-2026-1750 | Ecwid by Lightspeed Ecommerce Shopping Cart Plugin save_custom_user_profile_fields privilege escalation

Post correlati

CVE-2024-32332 | Totolink N300RT 2.1.8-B20201030.1539 Wireless Page cross site scripting

CVE-2025-6611 | code-projects Inventory Management System 1.0 createBrand.php brandStatus sql injection

CVE-2024-2664 | Premium Addons for Elementor Plugin up to 4.10.24 on WordPress cross site scripting

CVE-2024-35227 | Discourse up to 3.3.0.beta2/3.2.2 URL denial of service