Wallet System For Woocommerce
Monthly
Improper authorization in the Wallet System for WooCommerce WordPress plugin (versions 2.7.6 and earlier) lets low-privileged authenticated users — subscriber-level accounts — perform wallet actions reserved for higher roles, enabling manipulation of stored wallet balances and transactions. The flaw, reported by Patchstack and tracked as CWE-862 (Missing Authorization), carries a 7.1 (High) CVSS score driven by high integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Improper authorization in the Wallet System for WooCommerce WordPress plugin (versions 2.7.6 and earlier) lets low-privileged authenticated users — subscriber-level accounts — perform wallet actions reserved for higher roles, enabling manipulation of stored wallet balances and transactions. The flaw, reported by Patchstack and tracked as CWE-862 (Missing Authorization), carries a 7.1 (High) CVSS score driven by high integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.