CVE-2024-13724

Medium CVSS: 4.3

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.

Vendor

Wpswings

Product

Wallet System For Woocommerce

CWE

CWE-285

Yayın Tarihi

2025-03-04 09:15:10

Güncelleme

2025-03-04 20:50:01

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-285 Wallet System For Woocommerce MEDIUM Wpswings 2025

Referanslar

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve

Benzer Kayıtlar

Medium

CVE-2025-5103

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'defau…

Medium

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for Wor…

Critical

CVE-2024-8425

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file…

Medium

CVE-2024-13692

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Feature…

Medium

CVE-2024-13641

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Feature…