20 matches found
CVE-2025-66109
Missing Authorization vulnerability in Octolize Shipping Plugins Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cart Weight for WooCommerce: from n/a through = 1.9.11...
WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2025-25777 · Funnelkit · Recover Woocommerce Cart Abandonment
Name of the Vulnerable Software and Affected Versions: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit versions up to, and including, 3.5.3. Description: The issue is related to a missing capability check on the install or activate addon plugins...
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
CVE-2019-5979
Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
WordPress Cart tracking for WooCommerce plugin <= 1.0.17 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin Cart tracking for WooCommerce versions <= 1.0.17...
CVE-2025-30791
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdever Cart tracking for WooCommerce cart-tracking-for-woocommerce allows SQL Injection. This issue affects Cart tracking for WooCommerce: from n/a through = 1.0.16...
WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter,...
CVE-2024-10563
The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
PT-2025-8670 · WordPress · Woocommerce Cart Count Shortcode
Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode WordPress plugin versions prior to 1.1.0. Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...
CVE-2024-54386 WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery. This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart:...
CVE-2024-9186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
PT-2024-39476 · Funnelkit · Recover Woocommerce Cart Abandonment
Name of the Vulnerable Software and Affected Versions: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin versions prior to 3.3.0. Description: The issue allows unauthenticated users to perform SQL injection attacks due to the lack...
CVE-2024-2322
The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have a CSRF check in its bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks...
WordPress WooCommerce Cart Abandonment Recovery Plugin < 1.2.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce Cart Abandonment Recovery; Type: Plugin; Vulnerable versions: < 1.2.27; Fixed in: 1.2.27; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2322; Patch priority: Low; CVSS severity: Low (4.3); PSID: 266dfc803e4a; Credit...
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit. This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
CVE-2019-5979
Summary (CVE-2019-5979): A CSRF flaw in the WordPress plugin “Personalized WooCommerce Cart Page” (versions 2.4 and earlier) could allow remote attackers to hijack administrator accounts through unspecified vectors. Public references consistently identify the affected component as the Personalize...
WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery
Overview: WordPress Plugin "Personalized WooCommerce Cart Page" provided by N-MEDIA contains a cross-site request forgery vulnerability (CWE-352). Akira Yamasaki of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University directly reported this...
JVN#88804335: WordPress Plugin "Personalized WooCommerce Cart Page" vulnerable to cross-site request forgery
WordPress Plugin "Personalized WooCommerce Cart Page" provided by N-MEDIA contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Update the plugin. Update the plugin according to the...