PT-2026-60418 · WordPress · Abandoned Cart Lite

·

CVE-2026-12585

·

Published

2026-07-16

·

Updated

2026-07-16

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Abandoned Cart Lite for WooCommerce WordPress plugin versions prior to 6.8.2
Description An issue exists where the plugin fails to protect the integrity of cart-recovery tokens or bind them to the requesting account. When the automatic-login option is enabled, unauthenticated attackers can forge a recovery link to log in as another user, leading to account takeover.
Recommendations Update the plugin to version 6.8.2 or later.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-12585

Affected Products

Abandoned Cart Lite