cleantalk
Vulnerabilities and Security Researches

Abandoned Cart Lite for WooCommerce, CVE-2019-25152

CVE, Research URL

CVE-2019-25152

Home page URL

Security reports for Abandoned Cart Lite for WooCommerce

Application

Abandoned Cart Lite for WooCommerce

Published on
Jun 22, 2023
Research Description
The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
Affected versions
max 5.2.0.
Status
vulnerable
Previous vulnerability researches
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4355) , Jun 07, 2024
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4356) , Jun 07, 2024
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4357) , Jun 07, 2024
Abandoned Cart Lite for WooCommerce (d2274f1ff19dbe519f9e6e330360f94e28678f44) , Jun 06, 2024
Abandoned Cart Lite for WooCommerce (CVE-2021-4414) , Jun 06, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026