The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NTychesoftwares Abandoned Cart Lite For Woocommerce
APPTychesoftwares< 5.2.0Tychesoftwares Abandoned Cart Pro For Woocommerce
APPTychesoftwares≤ 7.12.0
Powiązane podatności
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooC...
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in ve...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...