PT-2023-12526 · WordPress · Abandoned Cart Lite For Woocommerce

Jerome Bruandet · Published 2023-07-12 · Updated 2023-07-18 · CVE-2021-4414

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Abandoned Cart Lite for WooCommerce plugin for WordPress versions up to and including 5.8.5

Description

The issue arises from missing or incorrect nonce validation on the wcal_preview_emails() function, allowing unauthenticated attackers to generate email preview templates via a forged request. This can be achieved by tricking a site administrator into performing an action, such as clicking on a link, thereby exploiting the Cross-Site Request Forgery weakness.

Recommendations

For Abandoned Cart Lite for WooCommerce plugin for WordPress versions up to and including 5.8.5, update to a version higher than 5.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the wcal_preview_emails() function until a patch is available.
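The weakness class described above, shown as an added example (not the plugin's source code): a WordPress admin AJAX handler without nonce validation next to the same handler with a capability check and nonce verification. All names prefixed `example_`, the `security` field name, the `template_id` parameter and the use of the `manage_woocommerce` capability are assumptions made for illustration.

```php
<?php
// Added illustration, not code from Abandoned Cart Lite for WooCommerce.
// Every example_* name, the 'security' field and 'template_id' are hypothetical.
defined( 'ABSPATH' ) || exit;

// BEFORE: handler with no nonce check. The browser attaches the administrator's
// session cookie to any request sent to admin-ajax.php, so WordPress cannot tell
// a request the admin intended from one forged by another site.
add_action( 'wp_ajax_example_preview_email_unsafe', 'example_preview_email_unsafe' );
function example_preview_email_unsafe() {
	$template_id = isset( $_POST['template_id'] ) ? absint( $_POST['template_id'] ) : 0;
	// Constructed stand-in for the preview generation step.
	wp_send_json_success( array( 'preview' => 'Preview of template ' . $template_id ) );
}

// AFTER: verify who is calling and that the request came from our own admin page.
add_action( 'wp_ajax_example_preview_email', 'example_preview_email' );
function example_preview_email() {
	// Authorization: only shop managers and administrators may generate previews.
	if ( ! current_user_can( 'manage_woocommerce' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// Intent: the nonce is bound to the user, the session and this action name.
	// Third argument false = return the result instead of dying, so the
	// failure response is ours to shape. A forged request has no valid nonce.
	if ( ! check_ajax_referer( 'example_preview_email', 'security', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
	}

	$template_id = isset( $_POST['template_id'] ) ? absint( $_POST['template_id'] ) : 0;
	wp_send_json_success( array( 'preview' => 'Preview of template ' . $template_id ) );
}

// The legitimate admin form embeds the nonce that the handler verifies.
function example_preview_form() {
	echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
	echo '<input type="hidden" name="action" value="example_preview_email" />';
	echo '<input type="number" name="template_id" min="1" />';
	// Emits a hidden field named "security" for the 'example_preview_email' action.
	wp_nonce_field( 'example_preview_email', 'security' );
	submit_button( 'Preview email' );
	echo '</form>';
}
```

The nonce check and the capability check answer different questions (was this request intended, and is this user allowed), so a handler needs both.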

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-4414

Affected Products

Abandoned Cart Lite For Woocommerce