WordPress Plugin Vulnerabilities

TeraWallet – For WooCommerce < 1.4.0 - Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affects Plugins

Plugin icon
woo-wallet
Fixed in 1.4.0

References

CVE
CVE-2022-36401
CVE
CVE-2022-40198

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
d5ba51e9-4410-4f9b-b95f-8732cfa7083f

Timeline

Publicly Published
2022-10-30 (about 3 years ago)
Added
2023-02-02 (about 3 years ago)
Last Updated
2023-03-01 (about 3 years ago)

Other

Published
Title
Published
2021-07-28
Title
Post Index <= 0.7.5 - CSRF to Stored XSS
Published
2022-09-11
Title
RD Station < 5.2.1 - Multiple CSRF
Published
2025-01-16
Title
OrangeBox <= 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2026-01-13
Title
WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update
Published
2023-01-06
Title
WP Tabs < 2.1.15 - Multiple CSRF