PT-2026-60418 · WordPress · Abandoned Cart Lite
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Abandoned Cart Lite for WooCommerce WordPress plugin versions prior to 6.8.2
Description
An issue exists where the plugin fails to protect the integrity of cart-recovery tokens or bind them to the requesting account. When the automatic-login option is enabled, unauthenticated attackers can forge a recovery link to log in as another user, leading to account takeover.
Recommendations
Update the plugin to version 6.8.2 or later.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abandoned Cart Lite