cleantalk
Vulnerabilities and Security Researches

Abandoned Cart Lite for WooCommerce, CVE-2023-2986

CVE, Research URL

CVE-2023-2986

Home page URL

Security reports for Abandoned Cart Lite for WooCommerce

Application

Abandoned Cart Lite for WooCommerce

Published on
Jun 08, 2023
Research Description
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.
Affected versions
max 5.15.0.
Status
vulnerable
Previous vulnerability researches
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4355) , Jun 07, 2024
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4356) , Jun 07, 2024
LetsRecover – WooCommerce Abandoned Cart Notifications (CVE-2022-4357) , Jun 07, 2024
Abandoned Cart Lite for WooCommerce (d2274f1ff19dbe519f9e6e330360f94e28678f44) , Jun 06, 2024
Abandoned Cart Lite for WooCommerce (CVE-2021-4414) , Jun 06, 2024
New vulnerability
Security & Malware scan by CleanTalk , Apr 03, 2026
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026