The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: WPScan
Published: 2024-04-03T05:00:01.687Z
Updated: 2024-08-01T19:11:52.617Z
Reserved: 2024-03-08T13:37:22.348Z
Link: CVE-2024-2322

Updated: 2024-08-01T19:11:52.617Z

Status : Awaiting Analysis
Published: 2024-04-03T05:15:47.920
Modified: 2024-11-21T09:09:30.220
Link: CVE-2024-2322

No data.