CVE-2023-2986

Name of the Vulnerable Software and Affected Versions Abandoned Cart Lite for WooCommerce plugin for WordPress versions up to, and including, 5.14.2

Description The issue is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers.

Recommendations For versions up to, and including, 5.14.2, update to version 5.15.1 or later to ensure sites are no longer vulnerable through historical check-out links. Additionally, updating to version 5.15.2 will ensure null key values won't permit the authentication bypass.