{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2322", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-03-08T13:37:22.348Z", "datePublished": "2024-04-03T05:00:01.687Z", "dateUpdated": "2025-03-26T17:40:05.769Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-04-08T17:28:01.688Z"}, "title": "WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF", "problemTypes": [{"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "WooCommerce Cart Abandonment Recovery", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "1.2.27"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Erwan LR (WPScan)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T17:32:01.091730Z", "id": "CVE-2024-2322", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T17:40:05.769Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:52.617Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:52.617Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2322", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T17:32:01.091730Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:42.996Z"}}], "cna": {"title": "WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Erwan LR (WPScan)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "WooCommerce Cart Abandonment Recovery", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.27", "versionType": "semver"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-04-08T17:28:01.688Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2322", "state": "PUBLISHED", "dateUpdated": "2025-03-26T17:40:05.769Z", "dateReserved": "2024-03-08T13:37:22.348Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-04-03T05:00:01.687Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks."}, {"lang": "es", "value": "El complemento WooCommerce Cart Abandonment Recovery de WordPress anterior a 1.2.27 no tiene verificaci\u00f3n CSRF en sus acciones masivas, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados eliminen plantillas de correo electr\u00f3nico arbitrarias, as\u00ed como eliminar y cancelar la suscripci\u00f3n de usuarios de pedidos abandonados a trav\u00e9s de ataques CSRF."}], "id": "CVE-2024-2322", "lastModified": "2025-03-26T18:15:23.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-03T05:15:47.920", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Undergoing Analysis"}

{}