Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40198 | 1 Standalonetech | 1 Terawallet | 2023-03-08 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change. | |||||
CVE-2022-36401 | 1 Standalonetech | 1 Terawallet | 2023-02-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | |||||
CVE-2022-3995 | 1 Standalonetech | 1 Terawallet | 2022-12-01 | N/A | 4.3 MEDIUM |
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. |