WordPress Plugin Vulnerabilities

Abandoned Cart Lite for WooCommerce < 5.16.2 - Multiple CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions, such as toggle template statuses via CSRF attacks

Affects Plugins

Plugin icon
woocommerce-abandoned-cart
Fixed in 5.16.2

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce1316b-674a-4436-968f-9ffca4e8f726

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
77aa9043-3434-416d-9de4-683e7dd379c7

Timeline

Publicly Published
2023-12-01 (about 2 years ago)
Added
2024-01-31 (about 2 years ago)
Last Updated
2024-01-31 (about 2 years ago)

Other

Published
Title
Published
2025-12-04
Title
Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update
Published
2023-10-16
Title
MailChimp Forms by MailMunch < 3.1.5 - Arbitrary Actions via CSRF
Published
2022-05-11
Title
Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
Published
2015-06-19
Title
Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery (CSRF)
Published
2025-03-06
Title
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins < 2.0.60 - Cross-Site Request Forgery to Stored Cross-Site Scripting