GCVE - cpe:2.3:a:villatheme:abandoned_cart_recovery_for

Approved changes feed: RSS · Atom

cpe:2.3:a:villatheme:abandoned_cart_recovery_for_woocommerce:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Villatheme (`f6e46fcf-f7b5-547b-bdd5-2c693fe77a08`)
Product	Abandoned Cart Recovery For Woocommerce (`f8ca7b3d-9692-5f1e-91fc-22e717deca07`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32526`	vulnerable	2026-06-03 15:20:43.166691	WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10. Published: 2026-03-25T16:15:08.581Z Updated: 2026-04-29T09:52:01.125Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/woo-abandoned-cart-recovery/vulnerability/wordpress-abandoned-cart-recovery-for-woocommerce-plugin-1-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4395`	vulnerable	2026-06-03 14:45:48.622322	Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass MEDIUM (4.3) The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-07-01T05:33:24.356Z Updated: 2026-04-08T16:49:37.827Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=cve https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Abandoned Cart Recovery For Woocommerce

PURL mappings

Vulnerability references

Contribute