6.8
CVE-2024-2322
- EPSS 0.15%
- Veröffentlicht 03.04.2024 05:15:47
- Zuletzt bearbeitet 07.04.2025 14:19:35
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
Mögliche Gegenmaßnahme
Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails: Update to version 1.2.27, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails
Version
*-1.2.26
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cartflows ≫ Woocommerce Cart Abandonment Recovery SwPlatformwordpress Version < 1.2.27
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.358 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.