Vulnerabilities and security researches forwoo-cart-abandonment-recovery woo-cart-abandonment-recovery

Apr 25, 2026

CVE, Research URL: CVE-2026-39470
Home page URL: Security reports for WooCommerce Cart Abandonment Recovery
Application: WooCommerce Cart Abandonment Recovery
Date: -
Research Description: Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails [woo-cart-abandonment-recovery] < 2.1.0 CVE-2026-39470
Affected versions: max 2.1.0.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-2322
Home page URL: Security reports for WooCommerce Cart Abandonment Recovery
Application: WooCommerce Cart Abandonment Recovery
Date: Apr 03, 2024
Research Description: The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
Affected versions: max 1.2.27.
Status: vulnerable