Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites

2023-06-22 10:17

A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that's installed on more than 30,000 websites.

The problem, at its core, is a case of authentication bypass that arises as a result of insufficient encryption protections that are applied when customers are notified when they have abandoned their shopping carts on e-commerce sites without completing the purchase.

Specifically, the encryption key is hard-coded in the plugin, thereby allowing malicious actors to login as a user with an abandoned cart.

Following responsible disclosure on May 30, 2023, the vulnerability was addressed by the plugin developer, Tyche Softwares, on June 6, 2023, with version 5.15.0.

The current version of Abandoned Cart Lite for WooCommerce is 5.15.2.

The flaw, affecting versions 2.3.7 and earlier, has been addressed in version 2.3.8, which was released on June 13, 2023.

News URL

https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html

#critical #woocommerce #wordpress

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress	49	36	408	104	29	577
Woocommerce	33	2	42	17	2	63
Plugin	2	0	13	0	0	13

News URL

Related news

Related vendor