CVE-2019-25152
Summary
| CVE | CVE-2019-25152 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-06-22 02:15:00 UTC |
|---|
| Updated | 2023-11-07 03:09:00 UTC |
|---|
| Description | The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Abandoned Cart Lite for WooCommerce < 5.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS) Security Vulnerability |
MISC |
wpscan.com |
|
| 403 Forbidden |
MISC |
plugins.trac.wordpress.org |
|
| XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers |
MISC |
www.wordfence.com |
|
| Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting |
MISC |
www.wordfence.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.
