ThreatPress

WordPress Vulnerability Database

Back

WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.8.2 - Unauthenticated SQL Injection (SQLi) vulnerability

Product
Abandoned Cart Lite
Description
Unauthenticated SQL Injection (SQLi) vulnerability found by Slavco Mihajloski (mslavco) in WordPress Abandoned Cart Lite for WooCommerce plugin (versions <= 5.8.2).
Solution
Update the WordPress Abandoned Cart Lite for WooCommerce plugin to the latest available version (at least 5.8.3).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 5.8.2
Fixed In 5.8.3
Disclosure date
2020-11-05
Credits
Slavco Mihajloski (mslavco)