CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk	Patch Third Party Advisory
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3995	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:standalonetech:terawallet:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 03:52

Type	Values Removed	Values Added
Summary	The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.	The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.

Information

Published : 2022-11-29 21:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-3995

Mitre link : CVE-2022-3995

CVE.ORG link : CVE-2022-3995

JSON object : View

Products Affected

standalonetech

terawallet

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2022-3995", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-29T21:15:11.597", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk", "tags": ["Patch", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3995", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets."}, {"lang": "es", "value": "El complemento TeraWallet para WordPress es vulnerable a Insecure Direct Object Reference en versiones hasta la 1.4.3 incluida. Esto se debe a una validaci\u00f3n insuficiente de la clave controlada por el usuario en la acci\u00f3n AJAX lock_unlock_terawallet. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, bloqueen/desbloqueen las billeteras de otros usuarios."}], "lastModified": "2023-11-07T03:52:05.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:standalonetech:terawallet:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7B9054CE-D90D-4E36-AD18-4AC148963D31", "versionEndIncluding": "1.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}