cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-4414,https://securityvulnerability.io/vulnerability/CVE-2021-4414,Cross-Site Request Forgery Vulnerability in Abandoned Cart Lite for WooCommerce by WordPress,"The Abandoned Cart Lite for WooCommerce plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the wcal_preview_emails() function. This flaw allows attackers to craft malicious requests, potentially tricking an administrator into executing actions that generate email preview templates without proper authentication. As users interact with the site, exploiting this vulnerability could lead to unauthorized actions, compromising the site's security and operational integrity.",Wordpress,Abandoned Cart Lite For WooCommerce,4.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2023-07-12T03:40:44.381Z,0
CVE-2019-25152,https://securityvulnerability.io/vulnerability/CVE-2019-25152,Stored Cross-Site Scripting in Abandoned Cart Lite and Pro Plugins for WordPress,"The Abandoned Cart Lite and Pro for WooCommerce plugins are susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and escaping of output. Attackers can exploit this flaw by injecting malicious scripts through various parameters, allowing unauthorized execution of scripts within the admin dashboard. This vulnerability impacts multiple plugin versions, making it critical for site owners to update and secure their installations to prevent potential exploitation.",Wordpress,"Abandoned Cart Pro For WooCommerce,Abandoned Cart Lite For WooCommerce",7.2,HIGH,0.0017399999778717756,false,,false,false,false,,false,false,2023-06-22T01:49:51.293Z,0
CVE-2023-2986,https://securityvulnerability.io/vulnerability/CVE-2023-2986,Authentication Bypass in Abandoned Cart Lite for WooCommerce Plugin by Tyche Softwares,"The Abandoned Cart Lite for WooCommerce plugin for WordPress has a significant vulnerability that allows attackers to bypass authentication due to inadequate encryption used during the decoding of links for abandoned carts. This flaw primarily affects versions up to and including 5.14.2, permitting unauthenticated users to log in as actual customers who have abandoned their carts. The security of the plugin was enhanced in subsequent versions, specifically 5.15.1, which addressed vulnerabilities associated with historical checkout links. Further improvements were made in version 5.15.2 to ensure that null key values could not exploit the authentication bypass.",Wordpress,Abandoned Cart Lite for WooCommerce,9.8,CRITICAL,0.0004799999878741801,false,,false,false,true,true,false,false,2023-06-08T02:15:00.000Z,0