CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38699 – WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability
https://notcve.org/view.php?id=CVE-2024-38699
Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. The Wallet System for WooCommerce – Wallet, Digital Wallet, Cashback, Recharge User Wallets, Partial Payments, Wallet restriction, Refunds plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.13 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-13-sensitive-data-exposure-via-exported-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32446 – WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32446
Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce.This issue affects Wallet System for WooCommerce: from n/a through 2.5.9. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Swings Wallet System para WooCommerce. Este problema afecta a Wallet System para WooCommerce: desde n/a hasta 2.5.9. The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/wallet-system-for-woocommerce/wordpress-wallet-system-for-woocommerce-plugin-2-5-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •