CVE-2026-12585
Vulnerable component: Abandoned Cart Lite for WooCommerce (WordPress plugin) prior to version 6.8.2. Root cause: The plugin does not protect the integrity of cart-recovery tokens or bind them to the requesting account, allowing an unauthenticated attacker to forge a recovery link that logs in as ...