24 matches found
EUVD-2026-36934
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...
CVE-2026-39470
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...
CVE-2026-39470
CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...
CVE-2026-39470 WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...
PT-2026-49376
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...
WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce Cart Abandonment Recovery versions 2.1.0...
EUVD-2023-55590
Malicious code in bioql PyPI...
PT-2025-25777 · Funnelkit · Recover Woocommerce Cart Abandonment
Name of the Vulnerable Software and Affected Versions: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit versions up to, and including, 3.5.3 Description: The issue is related to a missing capability check on the install or activate addon plugins...
WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
CVE-2024-9186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
PT-2024-39476 · Funnelkit · Recover Woocommerce Cart Abandonment
Name of the Vulnerable Software and Affected Versions: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin versions prior to 3.3.0 Description: The issue allows unauthenticated users to perform SQL injection attacks due to the lack...
WordPress WooCommerce Cart Abandonment Recovery plugin < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF vulnerability
Templates/Abandoned Orders Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin WooCommerce Cart Abandonment Recovery versions 1.2.27...
WordPress WooCommerce Cart Abandonment Recovery Plugin < 1.2.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce Cart Abandonment Recovery Type Plugin Vulnerable versions 1.2.27 Fixed in 1.2.27 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2322 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 266dfc803e4a Credit...
WordPress plugin WooCommerce Cart Abandonment Recovery 漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF
Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks. PoC Make a logged in admin open one of the URLs below - To mak...
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing,...
CVE-2023-50857
Mode C: CVE-2023-50857 is an SQL Injection in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit. Affected: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit up to version 2.6.1 (inclusi...