The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk | Patch Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3995 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
Summary | The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets. |
Information
Published : 2022-11-29 21:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-3995
Mitre link : CVE-2022-3995
CVE.ORG link : CVE-2022-3995
JSON object : View
Products Affected
standalonetech
- terawallet
CWE
CWE-639
Authorization Bypass Through User-Controlled Key