cleantalk
Vulnerabilities and Security Researches

CoCart – Decoupling WooCommerce Made Easy, 8dc47e60294b1857b3677ea4e6141b753f4b4e79

Published on
Nov 07, 2023
Research Description
CoCart – Decoupling Made Easy for WooCommerce [cart-rest-api-for-woocommerce] < 3.12.0
WordPress CoCart – Headless ecommerce Plugin <= 3.9.0 is vulnerable to Broken Access Control. No patched version is available.
Mika discovered and reported this Broken Access Control vulnerability in WordPress CoCart – Headless ecommerce Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function, which could lead to an unprivileged user executing a certain higher-privileged action. This vulnerability is not known to have been fixed yet.
Affected versions
Min -, max 3.12.0.
Status
vulnerable