CVE-2026-12585
Abandoned Cart Lite for WooCommerce < 6.8.2 - Unauthenticated Account Takeover via Malleable Recovery-Link Token
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is enabled.
| Vendor | unknown |
| Product | abandoned cart lite for woocommerce |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown abandoned cart lite for woocommerce
Be the first to know when new unknown vulnerabilities affecting unknown abandoned cart lite for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Abandoned Cart Lite for WooCommerce
0 < 6.8.2
References
Credits
Shivamani Vastrala WPScan