67 matches found
CVE-2026-57332
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
EUVD-2026-40103
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
CVE-2026-57332
The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions
CVE-2026-57332 WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
PT-2026-53293
Name of the Vulnerable Software and Affected Versions Wallet System for WooCommerce versions prior to 2.7.7 Description Broken access control allows users with the Subscriber role to perform unauthorized actions within the system. Recommendations Update Wallet System for WooCommerce to version...
CVE-2026-42654
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654
CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...
CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
EUVD-2026-33947
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
WordPress plugin Wallet System for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-45780
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin Wallet System for WooCommerce versions = 2.7.5...
WordPress Wallet System for WooCommerce plugin <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Wallet Balance Manipulation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Wallet System for WooCommerce versions = 2.7.2...
CVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
CVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
CVE-2025-14450
The CVE CVE-2025-14450 affects Wallet System for WooCommerce (WordPress) where a missing capability check in change_wallet_fund_request_status_callback allowed authenticated users with Subscriber+ privileges to modify wallet withdrawal requests and arbitrarily alter balances in versions up to 2.7...
CVE-2025-14450 Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...