WordPress plugin Woocommerce Abandoned Cart Lite has been detected of harboring a nasty cross-site scripting vulnerability (XSS) The plugin provides webadmin the automated capability of finding-out the details of all abandoned shopping carts for their website. All web admins are advised to update their WooCommerce plugin newer than version 5.2.0.0. The plugins developers were made aware of this flaw due to reports of these exploits, they include a check for the existence of the email address registered with the malicious woouser account. The attackers can then use the website for spamming purposes and any kind of cybercrime such as infecting visitors PC with other malware.”]
Source: https://hackercombat.com/wordpress-plugin-woocommerce-is-vulnerable-to-xss-attacks/