Skip to main content

Abandoned Cart Recovery For Woocommerce

2 CVEs product

Monthly

CVE-2026-57698 MEDIUM This Month

Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.

Authentication Bypass WordPress Abandoned Cart Recovery For Woocommerce
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-4395 MEDIUM PATCH This Month

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Abandoned Cart Recovery For Woocommerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Authentication bypass in VillaTheme's Abandoned Cart Recovery for WooCommerce (versions through 1.1.12) allows unauthenticated remote attackers to access protected functionality via an alternate authentication path or channel (CWE-288). The CVSS vector confirms network-reachable, zero-complexity exploitation requiring no privileges or user interaction, yielding partial confidentiality and integrity compromise. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and unauthenticated nature elevate practical risk for any WooCommerce store running this plugin.

Authentication Bypass WordPress Abandoned Cart Recovery For Woocommerce
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Abandoned Cart Recovery For Woocommerce
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy