Abandoned%20Cart%20Pro%20for%20WooCommerce

Abandoned Cart Pro for WooCommerce

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-4387

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-8.8||HIGH

EPSS-0.08% / 24.86%

7 Day CHG~0.00%

Published-10 Jun, 2025 | 03:41

Updated-12 Jun, 2025 | 16:06

Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload

The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may allow for either remote or local code execution depending on the server configuration.

Vendor-Tyche Softwares

Product-Abandoned Cart Pro for WooCommerce

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2019-25152

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-7.2||HIGH

EPSS-0.32% / 54.80%

7 Day CHG~0.00%

Published-22 Jun, 2023 | 01:49

Updated-30 Oct, 2024 | 13:03

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.

Vendor-tychesoftwares tychesoftwares TYCHE

Product-abandoned_cart_lite_for_woocommerce abandoned_cart_pro_for_woocommerce Abandoned Cart Lite for WooCommerce Abandoned Cart Pro for WooCommerce