WordPress Plugin Vulnerabilities

Abandoned Cart Lite for WooCommerce < 1.9 - Authenticated Blind SQL Injection

Description

The Abandoned Cart Lite for WooCommerce WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
woocommerce-abandoned-cart
Fixed in 1.9

References

URL
http://cinu.pl/research/wp-plugins/mail_b605e9f25a1a97d5ed70930b6e84e016.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.0 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
59f94baa-5f73-4014-945e-e7c8feec8e93

Timeline

Publicly Published
2015-07-15 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-11-08 (about 5 years ago)

Other

Published
Title
Published
2024-10-31
Title
Lodgix.com Vacation Rental Website Builder <= 3.9.73 - Authenticated (Contributor+) SQL Injection
Published
2023-04-13
Title
Neshan Maps <= 1.1.4 - Admin+ SQLi
Published
2024-09-06
Title
Pinpoint Booking System < 2.9.9.5.1- Authenticated (Subscriber+) SQL Injection
Published
2022-12-05
Title
Contest Gallery < 19.1.5.1 - Unauthenticated SQL Injection
Published
2023-01-18
Title
MainWP Broken Links Checker Extension <= 4.0 - Unauthenticated SQLi