CVE-2023-41671: WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability

5.4 CVSS

Description

Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1.

Classification

CVE ID: CVE-2023-41671

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

Affected Products

Vendor: Tyche Softwares

Product: Abandoned Cart Lite for WooCommerce

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/woocommerce-abandoned-cart/vulnerability/wordpress-abandoned-cart-lite-for-woocommerce-plugin-5-16-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Timeline

2024-12-14 00:30:16 UTC
CVE

WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability