CVE-2024-2322

Name of the Vulnerable Software and Affected Versions WooCommerce Cart Abandonment Recovery WordPress plugin versions prior to 1.2.27

Description The issue concerns a lack of CSRF check in bulk actions, which could allow attackers to make logged-in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks.

Recommendations For versions prior to 1.2.27, update to version 1.2.27 or later to resolve the issue. As a temporary workaround, consider restricting access to bulk actions in the plugin to minimize the risk of exploitation.