Abandoned Cart Lite for WooCommerce WordPress Plugin Security Vulnerabilities | WPScan

10

March 23, 2026

20000

Published

2023-12-01

Title

Abandoned Cart Lite for WooCommerce < 5.16.2 - Multiple CSRF

Fixed in

Fixed in 5.16.2

CVSS

5.3 (medium)

Published

2023-11-28

Title

Abandoned Cart Lite for WooCommerce < 5.16.2 - Missing Authorization via multiple AJAX functions

Fixed in

Fixed in 5.16.2

CVSS

5.4 (medium)

Published

2023-11-21

Title

Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_delete_expired_used_coupon_code

Fixed in

Fixed in 5.16.1

CVSS

3.1 (low)

Published

2023-11-21

Title

Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails

Fixed in

Fixed in 5.16.1

CVSS

3.7 (low)

Published

2023-10-16

Title

Abandoned Cart Lite for WooCommerce < 5.16.0 - Admin+ Stored XSS

Fixed in

Fixed in 5.16.0

CVSS

3.5 (low)

Published

2023-06-06

Title

Abandoned Cart Lite for WooCommerce < 5.15.0 - Authentication Bypass

Fixed in

Fixed in 5.15.0

CVSS

9.8 (critical)

Published

2021-03-01

Title

Multiple Plugins - CSRF Nonce Bypasses

Fixed in

Fixed in 5.8.6

CVSS

5.4 (medium)

Published

2020-11-08

Title

Abandoned Cart Lite for WooCommerce < 5.8.3 - Unauthenticated SQL Injection

Fixed in

Fixed in 5.8.3

CVSS

10.0 (critical)

Published

2019-03-11

Title

Abandoned Cart Lite for WooCommerce < 5.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 5.2.0

CVSS

9.6 (critical)

Published

2015-07-15

Title

Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection

Fixed in

Fixed in 1.9

CVSS

9.0 (critical)