WordPress Plugin Vulnerabilities

TeraWallet – For WooCommerce < 1.5.16 - Authenticated (Customer+) Race Condition

Description

The Wallet for WooCommerce plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 1.5.15. This makes it possible for authenticated attackers, with Custom-level access and above, to perform an unauthorized action.

Affects Plugins

Fixed in 1.5.16

References

Classification

Type
RACE CONDITION
CWE

Miscellaneous

Original Researcher
b4shu206
Verified
No

Timeline

Publicly Published
2026-02-20 (about 4 months ago)
Added
2026-05-05 (about 1 month ago)
Last Updated
2026-05-05 (about 1 month ago)

Other