CVE-2023-44986

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Oct 19, 2023

CWE ID 79

Summary

CVE-2023-44986 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions 5.15.2 and below of the Abandoned Cart Lite plugin for WooCommerce by Tyche Softwares. An attacker can exploit this admin privilege escalation flaw by injecting malicious scripts into a user's account, which may lead to unauthorized access or data theft when the compromised account is used to manage the WooCommerce store. This issue poses a significant risk to websites utilizing the vulnerable plugin and requires immediate patching to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s4F6SJ
https://www.cve.org/CVERecord?id=CVE-2023-44986
https://nvd.nist.gov/vuln/detail/CVE-2023-44986

Back to Vulnerability Database

CVE-2023-44986

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations