12 matches found
EUVD-2022-43499
Malicious code in bioql PyPI...
EUVD-2024-17424
Malicious code in bioql PyPI...
EUVD-2022-43324
Malicious code in bioql PyPI...
CVE-2024-1690
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...
CVE-2022-3995
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...
CVE-2022-40198
Cross-Site Request Forgery CSRF vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin = 1.3.24 leading to plugin settings change...
CVE-2024-1690
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...
PT-2024-18226 · WordPress · Terawallet
Name of the Vulnerable Software and Affected Versions: The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress versions up to, and including, 1.4.10 Description: The issue allows authenticated attackers with subscriber-level acce...
CVE-2022-40198
CVE-2022-40198 analysis (TeraWallet – For WooCommerce) Affected software: StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 (WordPress/WooCommerce ecosystem). Root cause/tech detail: Cross-Site Request Forgery (CSRF) vulnerability in the plugin that can lead to changes in plugin set...
WordPress TeraWallet plugin insecure direct object reference vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An insecure direct object...
CVE-2022-3995 TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...
PT-2022-25141 · WordPress · Terawallet
Name of the Vulnerable Software and Affected Versions: TeraWallet plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is due to insufficient validation of the user-controlled key on the "lock unlock terawallet" AJAX action. This allows authenticated attackers with...