CVSSv3 9.8

CVE-2023-2986

Published: 08/06/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. The cause is insufficient encryption of the user identifier carried in the abandoned-cart link, which the plugin decodes to decide which user to log in. This allows unauthenticated attackers to log in as any user who has abandoned a cart, typically a customer. Version 5.15.1 added hardening so that sites are no longer exposed through historical checkout links, and version 5.15.2 added further hardening so that null key values cannot be used to achieve the authentication bypass.
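The summary above describes the bug class rather than the plugin's code: a login link whose user identifier is protected only by key material that ships with the plugin is forgeable by anyone who reads the plugin source. The following is an added conceptual model in Python, not the plugin's PHP and not its actual patch. The key constant, the toy XOR cipher, the class and function names, and the hardened design (random per-cart token stored as an HMAC, bound to a cart, expiring, with a refusal to run on an empty key) are all assumptions chosen to illustrate the point; the empty-key check mirrors the kind of null-key hardening the summary attributes to 5.15.2, and the cart invalidation mirrors the 5.15.1 concern about historical links.

```python
"""Forgeable abandoned-cart login links versus a hardened design.

Conceptual model in Python; not the plugin's PHP. All keys, names and
the toy cipher below are illustrative assumptions.
"""
import base64
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# --- Vulnerable pattern -------------------------------------------------
# The link "encrypts" the user id under a key that ships with the plugin
# source, so every attacker has it. (Hypothetical key; the real plugin's
# key material and cipher are not reproduced here.)
SHARED_PLUGIN_KEY = b"key-shipped-with-the-plugin"


def _keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy symmetric cipher; the flaw shown is the public key, not the cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def vulnerable_make_link(user_id: int) -> str:
    """Token the plugin would put in the abandoned-cart e-mail link."""
    return base64.urlsafe_b64encode(
        _keystream_xor(str(user_id).encode(), SHARED_PLUGIN_KEY)).decode()


def vulnerable_login_from_link(token: str) -> Optional[int]:
    """Decode the token and log in whichever user id it names, unconditionally."""
    try:
        raw = _keystream_xor(base64.urlsafe_b64decode(token), SHARED_PLUGIN_KEY)
        return int(raw.decode("ascii"))
    except ValueError:  # covers binascii.Error and UnicodeDecodeError too
        return None


def attacker_forge_link(target_user_id: int) -> str:
    """Anyone with the plugin source can mint a link for any user id."""
    return vulnerable_make_link(target_user_id)  # same computation, same key


# --- Hardened pattern ---------------------------------------------------
@dataclass
class CartRecord:
    user_id: int
    token_hash: bytes   # only an HMAC of the token is stored server-side
    expires_at: float


class HardenedCartLinks:
    """Random per-cart tokens, stored hashed, bound to a cart, with expiry."""

    def __init__(self, server_secret: bytes, ttl_seconds: float = 7 * 86400) -> None:
        # Never operate with a null key: an empty secret must be a hard error.
        if not server_secret:
            raise ValueError("refusing to issue links with an empty server secret")
        self._secret = server_secret
        self._ttl = ttl_seconds
        self._carts: Dict[str, CartRecord] = {}

    def _hash(self, token: str) -> bytes:
        return hmac.new(self._secret, token.encode(), "sha256").digest()

    def issue_token(self, cart_id: str, user_id: int, now: float) -> str:
        """Mint an unguessable token; nothing in it is derived from user_id."""
        token = secrets.token_urlsafe(32)
        self._carts[cart_id] = CartRecord(user_id, self._hash(token), now + self._ttl)
        return token

    def invalidate_cart(self, cart_id: str) -> None:
        """Call when the cart is recovered or checked out, so old links die."""
        self._carts.pop(cart_id, None)

    def login_from_link(self, cart_id: str, token: str, now: float) -> Optional[int]:
        rec = self._carts.get(cart_id)
        if rec is None or now > rec.expires_at:
            return None
        if not hmac.compare_digest(self._hash(token), rec.token_hash):
            return None
        return rec.user_id


if __name__ == "__main__":
    print("vulnerable: forged link logs in user",
          vulnerable_login_from_link(attacker_forge_link(1)))
    links = HardenedCartLinks(b"per-site-secret")
    tok = links.issue_token("cart-7", 42, now=0.0)
    print("hardened: genuine token ->", links.login_from_link("cart-7", tok, now=0.0))
    print("hardened: forged token ->", links.login_from_link("cart-7", "forged", now=0.0))
```

The vulnerable half shows why "encryption" does not help here: the secrecy of the link rests entirely on a key the attacker already has, so `attacker_forge_link` and `vulnerable_make_link` are literally the same function. The hardened half makes the link a bearer credential that is random, cart-scoped, time-limited and revocable, which is the property a login-by-link feature actually needs.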

Vulnerable Products

tychesoftwares abandoned cart lite for woocommerce

Exploits

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit ...
WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below suffer from an authentication bypass vulnerability ...

Github Repositories

Proof of Concept for vulnerability CVE-2023-2986 in 'Abandoned Cart Lite for WooCommerce' Plugin in WordPress

Original Proof of Concept for CVE-2023-2986. Proof of Concept for vulnerability CVE-2023-2986 in 'Abandoned Cart Lite for WooCommerce' Plugin in WordPress. Related Details: NVD Link: nvd.nist.gov/vuln/detail/CVE-2023-2986. Plugin Source: github.com/TycheSoftwares/woocommerce-abandoned-cart/. Vulnerable versions: version <= 5.14.2 version <

Proof of Concept for vulnerability CVE-2023-2986 in 'Abandoned Cart Lite for WooCommerce' Plugin in WordPress in Python Version

CVE-2023-2986 Proof of Concept (POC), Python Version, by Alucard0x1. Proof of Concept for vulnerability CVE-2023-2986 in 'Abandoned Cart Lite for WooCommerce' Plugin in WordPress in Python Version. Credit: github.com/Ayantaker/CVE-2023-2986