Lucene search
WpvulndbWPVDB-ID:E22B38D3-6A3D-4718-ADC4-FDE860C9AA5FHistoryJan 26, 2024 - 12:00 a.m.
Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails
2024-01-2600:00:00
wpscan.com
2
vulnerable
unauthorized access
missing capability check
wcal_preview_emails
unauthenticated attackers
preview emails
obtain nonce
separate vulnerability
woocommerce
6.9 Medium
AI Score
Confidence
Low
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_preview_emails function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.16.1 |
6.9 Medium
AI Score
Confidence
Low