The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.
References
Configurations
History
04 Mar 2025, 20:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wpswings:wallet_system_for_woocommerce:*:*:*:*:*:wordpress:*:* | |
CWE | NVD-CWE-noinfo | |
First Time |
Wpswings wallet System For Woocommerce
Wpswings |
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve - Third Party Advisory |
04 Mar 2025, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-04 09:15
Updated : 2025-03-04 20:34
NVD link : CVE-2024-13724
Mitre link : CVE-2024-13724
CVE.ORG link : CVE-2024-13724
JSON object : View
Products Affected
wpswings
- wallet_system_for_woocommerce
CWE