What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce recapture-for-woocommerce allows Cross Site Request Forgery. This issue affects Recapture for WooCommerce: from n/a through <= 1.0.43.
Explanation of Vulnerability in Simple Terms
02 Summary
Recapture for WooCommerce versions up to 1.0.43 lack proper CSRF protection on certain actions. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted changes to plugin settings or data without the admin's knowledge or consent. No special privileges or user interaction beyond visiting a page are required.
What an attacker can do
03 Attacker Capabilities
Perform unauthorized actions on the site by tricking an admin into visiting a malicious webpage.
Potential impact on your site
04 Site Impact
Plugin settings or data could be modified without your knowledge if you visit a compromised site.
Conditions required to exploit
05 Prerequisites
Admin must visit attacker-controlled webpage while logged into WordPress.
Key dates
06 Disclosure timeline
March 15, 2025: CVE published
April 28, 2026: Record updated