CVE-2024-13724

CVE-2024-13724 affects Wallet System for WooCommerce (WordPress plugin) up to version 2.6.2, enabling unauthenticated users to manipulate wallet balances and transfers due to a missing authorization check. Connected sources indicate a patch is available (patch status: Patched); upgrade to the fix...

VirtualAccount as a wallet can be called by anyone

Lines of code Vulnerability details A VirtualAccount represents a user wallet that allows the user to manage assets and perform remote interactions. But because payableCall method lacks any form of authentication it can be called by anyone. The call can be also executed directly to the desired...

MAL-2023-2150 Malicious code in reqquests-toolbelt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 23ce57b190b03c84210ac888cdef8cf3a18485ddea4ef3e00379be5fe86f064c Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2268 Malicious code in siplejson (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 510010840970c21e64aa4803dced7f75832e88d73a8b54ea11e9d12882fbb254 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2364 Malicious code in webocket-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 26e521d49ad2ee97e54aee50e42c9325365fe149f2aa67d5b49516743ea19381 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2112 Malicious code in python-binanc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3562136a5d3ae322013426909d6b26e4ef76c73eeeca707d6fcca0e2d956640a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1963 Malicious code in ppyinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7bc7167d744fec31b8f54d18de17849997102d004e6ab1e2f17daa5beaaf0a72 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in mtaplotlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fa94624916f2154c92d5d4bc58878b0c1afbd89413c05c76afc7b9e7813b5515 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2349 Malicious code in vpyer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 83457baf8624fb50561d8319e3f503233fa126f4ce4c8e9e21cfe4beaaa88c47 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1671 Malicious code in bticoinlib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8fb138741477bbc9e9e869c0ebbae7cab9491434932f2971e2f787a88324b490 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2352 Malicious code in vyer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e961519e611c7b3cd3b7cac8ae153f1cd4a9c9f61b85efef43d5643ddf4d124a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1656 Malicious code in bitcoilib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx aa8307b31e8811c8bdb1dc26ec8850c339ef0b6740eb09afa0b1deec22a3f5a7 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1716 Malicious code in cryptocmpare (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 31c1a15b11a25912d44142a580b44ae76a5be5710e58171a679ad99c4e80bb4f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-1833 Malicious code in freqqtrade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 80ae317019207fa63d7913143c4586a3f1e5fc7236d5b15fca01263a281ea0c1 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

CVE-2022-3995 TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...