CVE-2024-13724

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpswings:wallet_system_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

04 Mar 2025, 20:34

Type Values Removed Values Added
CPE cpe:2.3:a:wpswings:wallet_system_for_woocommerce:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo
First Time Wpswings wallet System For Woocommerce
Wpswings
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve - Third Party Advisory

04 Mar 2025, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-04 09:15

Updated : 2025-03-04 20:34


NVD link : CVE-2024-13724

Mitre link : CVE-2024-13724

CVE.ORG link : CVE-2024-13724


JSON object : View

Products Affected

wpswings

  • wallet_system_for_woocommerce
CWE
CWE-285

Improper Authorization

NVD-CWE-noinfo