CVE-2024-2322

2024-04-0305:15:47

[email protected]

web.nvd.nist.gov

nvd

organization

individual

publicized

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

Affected configurations

Vulners

Node

yithemesyith_woocommerce_cart_messagesRange<1.2.27

VendorProductVersionCPE
yithemesyith_woocommerce_cart_messages*cpe:2.3:a:yithemes:yith_woocommerce_cart_messages:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yithemes	yith_woocommerce_cart_messages	*	cpe:2.3:a:yithemes:yith_woocommerce_cart_messages::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WooCommerce Cart Abandonment Recovery",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.2.27"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]