Vulnerability Details : CVE-2023-2986
Potential exploit
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.
Products affected by CVE-2023-2986
- Tychesoftwares » Abandoned Cart Lite For Woocommerce » For WordpressVersions up to, including, (<=) 5.14.2cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2986
91.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2986
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Wordfence |
CWE ids for CVE-2023-2986
-
The product requires authentication, but the product has an alternate path or channel that does not require authentication.Assigned by: security@wordfence.com (Primary)
References for CVE-2023-2986
-
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2925274%40woocommerce-abandoned-cart&new=2925274%40woocommerce-abandoned-cart&sfp_email=&sfph_mail=
Changeset 2925274 for woocommerce-abandoned-cart – WordPress Plugin Repository
-
https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php?rev=2916178#L1800
woocommerce-ac.php in woocommerce-abandoned-cart/trunk – WordPress Plugin RepositoryPatch
-
https://github.com/Ayantaker/CVE-2023-2986
GitHub - Ayantaker/CVE-2023-2986: Proof of Concept for vulnerability CVE-2023-2986 in 'Abandoned Cart Lite for WooCommerce' Plugin in WordPress
-
https://github.com/TycheSoftwares/woocommerce-abandoned-cart/pull/885#issuecomment-1601813615
Vulnerability fix for hardcoded encryption key. by pinalj · Pull Request #885 · TycheSoftwares/woocommerce-abandoned-cart · GitHub
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=cve
Abandoned Cart Lite for WooCommerce <= 5.14.2 - Authentication BypassThird Party Advisory
-
https://plugins.trac.wordpress.org/changeset/2922242/
Changeset 2922242 – WordPress Plugin RepositoryPatch
-
https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php#L1815
woocommerce-ac.php in woocommerce-abandoned-cart/trunk – WordPress Plugin RepositoryPatch
-
http://packetstormsecurity.com/files/172966/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass ≈ Packet Storm
-
https://www.wordfence.com/blog/2023/06/tyche-softwares-addresses-authentication-bypass-vulnerability-in-abandoned-cart-lite-for-woocommerce-wordpress-plugin/
Tyche Softwares Addresses Authentication Bypass Vulnerability in Abandoned Cart Lite for WooCommerce WordPress Plugin
Jump to