CVE-2019-25152: 
WordPress vulnerability analysis and mitigation

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress were identified with a Stored Cross-Site Scripting vulnerability (CVE-2019-25152) affecting versions up to 5.1.3 and 7.12.0 respectively. The vulnerability was discovered due to insufficient input sanitization and output escaping, which was disclosed on June 21, 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 MEDIUM by NIST and 7.2 HIGH by Wordfence. The attack vector is network-based with low attack complexity, requiring no privileges but user interaction, with changed scope and low impacts on both confidentiality and integrity (NVD).

This vulnerability allows unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. The successful exploitation could lead to potential site takeovers through the execution of malicious JavaScript code in the administrator's browser (NVD).

Users are advised to update their installations to versions after 5.1.3 for Abandoned Cart Lite and after 7.12.0 for Abandoned Cart Pro. The vulnerability has been patched in subsequent releases (NVD).