What the vulnerability does
01Description
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
Explanation of Vulnerability in Simple Terms
WooCommerce Cart Abandonment Recovery versions before 2.1.0 contain an improper access control vulnerability. An authenticated administrator with high privileges can read, modify, or delete sensitive data and site functionality. The vulnerability requires admin-level access and does not require user interaction. Update to version 2.1.0 or later to remediate.
What an attacker can do
Read, modify, or delete sensitive site data and functionality with admin-level access.
Potential impact on your site
A malicious admin account could compromise customer data, cart records, and plugin settings without additional restrictions.
Conditions required to exploit
Attacker must have administrator-level privileges on the WordPress site.
Key dates
External resources
Related vulnerabilities