Skip to main content

Wallet System For Woocommerce

3 CVEs product

Monthly

CVE-2026-57332 HIGH This Week

Improper authorization in the Wallet System for WooCommerce WordPress plugin (versions 2.7.6 and earlier) lets low-privileged authenticated users — subscriber-level accounts — perform wallet actions reserved for higher roles, enabling manipulation of stored wallet balances and transactions. The flaw, reported by Patchstack and tracked as CWE-862 (Missing Authorization), carries a 7.1 (High) CVSS score driven by high integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass WordPress Wallet System For Woocommerce
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-13724 MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wallet System For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-13682 MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Wallet System For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Improper authorization in the Wallet System for WooCommerce WordPress plugin (versions 2.7.6 and earlier) lets low-privileged authenticated users — subscriber-level accounts — perform wallet actions reserved for higher roles, enabling manipulation of stored wallet balances and transactions. The flaw, reported by Patchstack and tracked as CWE-862 (Missing Authorization), carries a 7.1 (High) CVSS score driven by high integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass WordPress Wallet System For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wallet System For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Wallet System for WooCommerce - Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy