WordPress Plugin Vulnerabilities

Wallet System for WooCommerce < 2.6.3 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access to functionality. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.

Affects Plugins

Plugin icon
wallet-system-for-woocommerce
Fixed in 2.6.3

References

CVE
CVE-2024-13724
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Tim Coen
Verified
No
WPVDB ID
83fb1619-8671-4bd8-8cb8-f98ab420174d

Timeline

Publicly Published
2025-03-03 (about 1 year ago)
Added
2025-03-06 (about 1 year ago)
Last Updated
2025-03-06 (about 1 year ago)

Other

Published
Title
Published
2026-01-08
Title
WP Table Builder < 2.0.20 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation
Published
2023-10-12
Title
WP < 6.3.2 - Subscriber+ Arbitrary Shortcode Execution
Published
2022-03-21
Title
Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
Published
2023-06-05
Title
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution
Published
2022-11-21
Title
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation