The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-22T01:49:51.293Z
Updated: 2024-08-05T03:00:19.348Z
Reserved: 2023-06-21T11:29:00.463Z
Link: CVE-2019-25152
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-22T02:15:47.730
Modified: 2023-11-07T03:09:22.440
Link: CVE-2019-25152
Redhat
No data.