Lucene search
K

9 matches found

Wordfence Blog
Wordfence Blog
added 2023/06/19 1:6 p.m.30 views

Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin

On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...

7.5CVSS7.6AI score0.41077EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/19 12:0 a.m.331 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...

9.8CVSS7.1AI score0.41077EPSS
Exploits5
0day.today
0day.today
added 2023/06/17 12:0 a.m.318 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass Exploit

WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit. Entering the URL in browser will give you access to the respective users acc...

9.8CVSS7.4AI score0.41077EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/06/16 12:0 a.m.455 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...

9.8CVSS7.1AI score0.41077EPSS
Exploits5
Circl
Circl
added 2023/06/09 6:25 p.m.34 views

CVE-2023-2986

creationtimestamp| type| source ---|---|--- 2023-06-09 18:25:15+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4527 2023-06-13 20:55:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4557 2023-06-28 09:18:53+00:00| seen| https://t.me/kasraonecom/323 2023-06-30...

9.8CVSS9AI score0.41077EPSS
Exploits5References5
GithubExploit
GithubExploit
added 2023/06/09 5:44 p.m.509 views

Exploit for CVE-2023-2986

Original Proof of Concept for CVE-2023-2986 Proof of Concept...

9.8CVSS9.6AI score0.41077EPSS
Exploits5
CVE
CVE
added 2023/06/08 1:56 a.m.92 views

CVE-2023-2986

CVE-2023-2986 affects the WordPress plugin Abandoned Cart Lite for WooCommerce. It enables authentication bypass via the abandoned cart workflow due to insufficient encryption when decoding the cart link, allowing unauthenticated login as customers. Affected versions go up to 5.14.2; fixes were i...

9.8CVSS9.5AI score0.41077EPSS
Exploits5References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/08 1:56 a.m.47 views

CVE-2023-2986 Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

9.8CVSS7.4AI score0.41077EPSS
Exploits5References8
Patchstack
Patchstack
added 2023/06/06 12:0 a.m.21 views

WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication

Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...

9.8CVSS6.5AI score0.41077EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder