CVE-2025-14450

The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...

EUVD-2026-3163

The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...

CVE-2025-14450

The CVE CVE-2025-14450 affects Wallet System for WooCommerce (WordPress) where a missing capability check in change_wallet_fund_request_status_callback allowed authenticated users with Subscriber+ privileges to modify wallet withdrawal requests and arbitrarily alter balances in versions up to 2.7...

Bug on e handling of excess ETH deposits

Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...