CVE-2022-3995
The CVE-2022-3995 entry concerns the WordPress TeraWallet plugin with insecure direct object reference (IDOR) in versions up to 1.4.3. Root cause: insufficient validation of the user-controlled key in the lock_unlock_terawallet AJAX action, enabling authenticated users with subscriber-level permi...