The Abandoned Cart Lite for WooCommerce plugin for WordPress has an issue in versions up to and including 5.8.5. This allows unauthenticated attackers to generate email preview templates without authorization. This is possible by tricking a site administrator into clicking on a malicious link, as the plugin is missing or has incorrect nonce validation on the wcal_preview_emails() function. This vulnerability could have dangerous consequences.