Abandoned Cart Lite for WooCommerce <= 5.1.3 - Stored Cross-Site Scripting (XSS)

Affects Plugins

fixed in version 5.2.0
fixed in version 5.2.0

References

URL https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/
URL https://plugins.trac.wordpress.org/changeset/2033212/woocommerce-abandoned-cart

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Ryan Dewhurst
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 8301
Verified No
WPVDB ID 9229

Timeline

Publicly Published 2019-03-11 (4 months ago)
Added 2019-03-11 (4 months ago)
Last Updated 2019-03-11 (4 months ago)