9 matches found
Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass Exploit
WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit. Entering the URL in browser will give you access to the respective users acc...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...
CVE-2023-2986
creationtimestamp| type| source ---|---|--- 2023-06-09 18:25:15+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4527 2023-06-13 20:55:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4557 2023-06-28 09:18:53+00:00| seen| https://t.me/kasraonecom/323 2023-06-30...
Exploit for CVE-2023-2986
Original Proof of Concept for CVE-2023-2986 Proof of Concept...
CVE-2023-2986
CVE-2023-2986 affects the WordPress plugin Abandoned Cart Lite for WooCommerce. It enables authentication bypass via the abandoned cart workflow due to insufficient encryption when decoding the cart link, allowing unauthenticated login as customers. Affected versions go up to 5.14.2; fixes were i...
CVE-2023-2986 Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...
WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.14.2 is vulnerable to Broken Authentication
Software Abandoned Cart Lite for WooCommerce Type Plugin Vulnerable versions = 5.14.2 Fixed in 5.15.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2986 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 15bb4df9e2c9 Credits István...