The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-04-03T05:00:01.687Z

Updated: 2024-08-01T19:11:52.617Z

Reserved: 2024-03-08T13:37:22.348Z

Link: CVE-2024-2322

cve-icon Vulnrichment

Updated: 2024-08-01T19:11:52.617Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-03T05:15:47.920

Modified: 2024-11-21T09:09:30.220

Link: CVE-2024-2322

cve-icon Redhat

No data.