3 matches found
WordPress TeraWallet – For WooCommerce Plugin <= 1.4.10 is vulnerable to Broken Access Control
Software TeraWallet – For WooCommerce Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 82fda70effd1 Credits Lucio Sá Requir...
CVE-2024-1690
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...
CVE-2024-1690
CVE-2024-1690 affects the WordPress plugin “TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds.” All versions up to 1.4.10 are vulnerable to unauthorized data access due to a missing capability check in terawallet_export_user_search(), enabling auth...