CVE-2022-2389

CVE-2022-2389: Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation

Vendor Unknown
Product Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami
Weakness CWE-862 · Missing authorization
Published August 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 3, 2024 Record updated