WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress TeraWallet plugin 1.4.3 and earlier versions are vulnerable to an insecure direct object reference vulnerability, which stems from a failure to validate user-controlled keys in the lock_unlock_terawallet AJAX operation. Failure to validate effectively could be exploited by an attacker to perform unauthorized operations.