HIGH🇬🇧 English

CVE-2019-25152

CVSS 7.2v3.1pub. 2023-06-22upd. 2026-04-08

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  • Tychesoftwares Abandoned Cart Lite For Woocommerce

    APP
    Tychesoftwares
    < 5.2.0
  • Tychesoftwares Abandoned Cart Pro For Woocommerce

    APP
    Tychesoftwares
    ≤ 7.12.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSAuth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-2986CRITICAL9.8ten sam produkt

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...

CVE-2023-44986MEDIUM5.9ten sam produkt

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooC...

CVE-2021-4414MEDIUM4.3ten sam produkt

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in ve...

CVE-2025-2907CRITICAL9.8PL ✓ten sam vendor

CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny

CVE-2025-2929HIGH7.1ten sam vendor

The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...

CVE-2019-25152 — HIGH 7.2 | CVEbaza.pl