CVE-2019-25152 in Abandoned Cart Lite for WooCommerce Plugininformation

Résumé

par MITRE • 22/06/2023

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Wordfence

Réserver

21/06/2023

Divulgation

22/06/2023

Modérer

accepté

Entrée

VDB-232088

CPE

prêt

CWE

CWE-79 (confirmé)

CVSS

6.1 (NVD)

EPSS

0.27125

KEV

non

Activités

très faible

Secteur

Hostingprovider, Telecommunication, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-25152
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-25152
CVE Details	https://www.cvedetails.com/cve/CVE-2019-25152/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!