Defiant, a web application security firm, warns of highly severe authentication bypass vulnerabilities in two WordPress plugins with tens of thousands of installations. The first security flaw, CVE-2023-2986, affects WooCommerce’s Abandoned Cart Lite, a plugin with more than 30,000 active installations that notifies users who have not yet completed the purchase process.
The notification sent to the user contains a link that automatically logs them in so they can proceed with their purchase. To identify the cart, the link contains an encrypted value.