cleantalk
Vulnerabilities and Security Researches

WooCommerce Cart Abandonment Recovery, CVE-2024-2322

CVE, Research URL

CVE-2024-2322

Home page URL

Security reports for WooCommerce Cart Abandonment Recovery

Application

WooCommerce Cart Abandonment Recovery

Published on
Apr 03, 2024
Research Description
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
Affected versions
max 1.2.27.
Status
vulnerable
Previous vulnerability researches
WooCommerce Cart Abandonment Recovery (CVE-2026-39470) , Apr 25, 2026
WooCommerce Cart Abandonment Recovery (CVE-2024-2322) , Jun 06, 2024
New vulnerability
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-59569) , Apr 25, 2026
Qubely – Advanced Gutenberg Blocks (CVE-2025-58663) , Apr 25, 2026
WooCommerce Additional Fees On Checkout (Free) (CVE-2025-57903) , Apr 25, 2026
Save as PDF plugin by Pdfcrowd (CVE-2025-59552) , Apr 25, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-5488) , Apr 25, 2026