Missing Authorization Vulnerability in WooCommerce Recover Abandoned Cart by FantasticPlugins
CVE-2025-64222

Currently unrated

Key Information:

Vendor

WordPress
Status
WooCommerce Recover Abandoned Cart
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64222?

A missing authorization vulnerability has been identified in the WooCommerce Recover Abandoned Cart plugin by FantasticPlugins. This issue arises from incorrectly configured access control security levels, which may allow unauthorized access to sensitive functionality. This vulnerability impacts versions from n/a to 24.6.0, potentially putting user data and site integrity at risk. It is crucial for users of the affected product to review their access settings and apply necessary updates to mitigate potential exploitation.

Affected Version(s)

WooCommerce Recover Abandoned Cart <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/rac/...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Denver Jackson | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64222 : Missing Authorization Vulnerability in WooCommerce Recover Abandoned Cart by FantasticPlugins