The Abandoned Cart Recovery for WooCommerce plugin for WordPress, which is used in versions up to and including 1.0.4, has a security vulnerability. This vulnerability allows unauthenticated attackers to perform read-only actions on the website, such as viewing data, if they can get a site administrator to click on a specially crafted link. This is possible because the plugin does not validate nonces correctly on the get_items() and extra_tablenav() functions.