CVE-2024-13724
CVE-2024-13724
Título es
CVE-2024-13724
Mar, 04/03/2025 – 09:15
Tipo
CWE-285
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-13724
Descripción en
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.
04/03/2025
04/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
4.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce/trunk&old=3231275%40wallet-system-for-woocommerce/trunk
https://www.wordfence.com/threat-intel/vulnerabilities/id/bda326b0-9049-496a-a600-fa65151ce98f?source=cve
Enviar en el boletín
Off
