CVE-2022-2389: Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation
First published: Mon Aug 22 2022(Updated: )
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Buildwoofunnels Autonami | <2.1.2 | |
| Funnelkit Automations | <2.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-2389?
CVE-2022-2389 has a medium severity rating due to the lack of authorization and CSRF checks in the affected WordPress plugin.
How do I fix CVE-2022-2389?
To fix CVE-2022-2389, update the Abandoned Cart Recovery for WooCommerce plugin to version 2.1.2 or later.
What versions are affected by CVE-2022-2389?
CVE-2022-2389 affects versions of the Abandoned Cart Recovery for WooCommerce plugin prior to 2.1.2.
Who is impacted by CVE-2022-2389?
Authenticated users, including those with subscriber roles, are impacted by CVE-2022-2389 as they can exploit the vulnerability.
What type of attacks can CVE-2022-2389 allow?
CVE-2022-2389 can allow unauthorized authenticated users to create automated campaign actions.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/buildwoofunnels
- canonical/buildwoofunnels autonami
- vendor/funnelkit
- canonical/funnelkit automations