CVE-2026-57698
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57698, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.12.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
villatheme abandoned_cart_recovery_for_woocommerce to 1.1.12 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57698 is an authentication bypass vulnerability in the WordPress Abandoned Cart Recovery for WooCommerce Plugin, specifically versions 1.1.12 and earlier.

This vulnerability allows unauthenticated attackers to perform actions that normally require higher privileges, potentially gaining admin access to the affected website.

It is classified as a Broken Authentication issue and falls under the OWASP Top 10 category A7: Identification and Authentication Failures.

Impact Analysis

This vulnerability can have a significant impact as it allows attackers without authentication to gain administrative access to your website.

With admin access, attackers can manipulate website data, compromise user information, inject malicious code, or disrupt website operations.

Such vulnerabilities are often exploited in mass campaigns targeting thousands of websites, increasing the risk of widespread damage.

Detection Guidance

This vulnerability allows unauthenticated attackers to perform actions normally restricted to higher-privileged users, potentially gaining admin access. Detection can involve monitoring for unusual authentication bypass attempts or unauthorized admin-level actions.

Patchstack has provided a mitigation rule to block attacks until the update is applied, which may include detection signatures or firewall rules.

Specific commands are not provided in the available resources.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Abandoned Cart Recovery for WooCommerce plugin to version 1.1.13 or later, where the issue has been patched.

Until the update can be applied, users are advised to implement the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57698. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart