CVE-2022-40198 – WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-40198
15 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. This is due to missing nonce validation on the admin_options function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request, granted they can trick a site administrator into performing an action suc... • https://patchstack.com/database/vulnerability/woo-wallet/wordpress-terawallet-for-woocommerce-plugin-1-3-24-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-3995 – TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2022-3995
31 Oct 2022 — The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users' wallets. • https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2022-36401 – WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-36401
30 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. This is due to missing nonce validation on the lock_unlock_terawallet function. This makes it possible for unauthenticated attackers to lock and unlock wallets via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Cross... • https://patchstack.com/database/vulnerability/woo-wallet/wordpress-terawallet-for-woocommerce-plugin-1-3-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •