WordPress Plugin Vulnerabilities
Abandoned Cart Lite for WooCommerce < 5.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Description
The save_data() AJAX call, used by unauthenticated users, such as guest during the checkout process, does not sanitise or validate user input (for example billing_first_name, billing_last_name, and billing_company fields). This leads to a Stored Cross-Site Scripting issue which will be triggered in the admin dashboard.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
Ryan Dewhurst
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2019-03-11 (about 5 years ago)
Added
2019-03-11 (about 5 years ago)
Last Updated
2023-06-22 (about 10 months ago)