Description
WordPress Plugin LetsRecover-WooCommerce Abandoned Cart Notifications is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin LetsRecover-WooCommerce Abandoned Cart Notifications version 1.1.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.0 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:4D1C0886-11F7-494F-B175-691253F46626
https://sploitus.com/exploit?id=WPEX-ID:221BF87B-69E2-4C53-971E-8516B798C759
https://sploitus.com/exploit?id=WPEX-ID:27A8D7CB-E179-408E-AF13-8722AB41947B
Related Vulnerabilities
Python Untrusted Search Path Vulnerability (CVE-2023-41105)
WordPress Plugin Rich Reviews Cross-Site Scripting (1.7.4)
PHP Other Vulnerability (CVE-2007-1452)
MongoDb Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-7923)
Internet Information Services Other Vulnerability (CVE-2003-0225)