WordPress Plugin Vulnerabilities

Abandoned Cart Lite for WooCommerce < 5.15.0 - Authentication Bypass

Description

The plugin does not use adequate cryptographic practices to secure its cart link decoding process, allowing unauthenticated attackers to bypass authentication and login as customers who have abandoned their carts.

Affects Plugins

Plugin icon
woocommerce-abandoned-cart
Fixed in 5.15.0

References

CVE
CVE-2023-2986

Classification

Type
INSUFFICIENT CRYPTOGRAPHY
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-326
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
fa6f48a2-60e1-4b4c-bd9d-1560dafbddb6

Timeline

Publicly Published
2023-06-06 (about 2 years ago)
Added
2023-06-08 (about 2 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2021-10-13
Title
Simple JWT Login < 3.3.0 - Insecure Password Creation
Published
2022-03-16
Title
Download Manager < 3.2.39 - Unauthenticated brute force of files master key
Published
2023-07-14
Title
All-In-One Security (AIOS) – Security and Firewall < 5.2.0 - Insecure Storage of Password
Published
2022-09-21
Title
Passster < 3.5.5.5.2 - Insecure Storage of Password
Published
2025-08-28
Title
Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation