GCVE - cpe:2.3:a:tychesoftwares:abandoned_cart_pro_for

Approved changes feed: RSS · Atom

cpe:2.3:a:tychesoftwares:abandoned_cart_pro_for_woocommerce:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Tychesoftwares (`db686eea-abfb-5961-9b4b-c2e0a3dc6e56`)
Product	Abandoned Cart Pro For Woocommerce (`9e2be6bd-6eae-5b30-968e-da3f43b4de3f`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-25152`	vulnerable	2026-06-03 14:40:18.088957	Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting HIGH (7.2) The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. Published: 2023-06-22T01:49:51.293Z Updated: 2026-04-08T17:14:13.416Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=cve https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/ https://plugins.trac.wordpress.org/changeset/2033212 https://wpscan.com/vulnerability/9229	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.