Vulnerabilities (CVE)

Filtered by vendor Tychesoftwares Subscribe
Filtered by product Abandoned Cart Lite For Woocommerce
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2986 1 Tychesoftwares 1 Abandoned Cart Lite For Woocommerce 2023-06-19 N/A 9.8 CRITICAL
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.