Abandoned Cart Recovery For Woocommerce
Monthly
Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.