The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NTychesoftwares Abandoned Cart Lite For Woocommerce
APPTychesoftwares≤ 5.8.5
Powiązane podatności
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in version...
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulne...
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooC...
CSRF i brak autoryzacji w wtyczce Order Delivery Date Pro for WooCommerce umożliwiają przejęcie witryny
The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputt...