๐Ÿ” CVE Alert

CVE-2026-12585

UNKNOWN 0.0

Abandoned Cart Lite for WooCommerce < 6.8.2 - Unauthenticated Account Takeover via Malleable Recovery-Link Token

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is enabled.

Vendor unknown
Product abandoned cart lite for woocommerce
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown abandoned cart lite for woocommerce

Be the first to know when new unknown vulnerabilities affecting unknown abandoned cart lite for woocommerce are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Abandoned Cart Lite for WooCommerce
0 < 6.8.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/c94475c8-d129-4735-b599-5094efb20cb8/

Credits

Shivamani Vastrala WPScan