Tychesoftwares Abandoned Cart Lite Woocommerce
By the Year
In 2024 there have been 0 vulnerabilities in Tychesoftwares Abandoned Cart Lite Woocommerce . Last year Abandoned Cart Lite Woocommerce had 5 security vulnerabilities published. Right now, Abandoned Cart Lite Woocommerce is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 6.25 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Abandoned Cart Lite Woocommerce vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tychesoftwares Abandoned Cart Lite Woocommerce Security Vulnerabilities
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabili
CVE-2023-44986
4.8 - Medium
- October 16, 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions.
XSS
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to
CVE-2021-4414
4.3 - Medium
- July 12, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting
CVE-2019-25152
6.1 - Medium
- June 22, 2023
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
XSS
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to
CVE-2023-2986
9.8 - Critical
- June 08, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.
Authentication Bypass Using an Alternate Path or Channel
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rucyproject Rucy or by Tychesoftwares? Click the Watch button to subscribe.
