Vulnerability in TeraWallet Plugin for WooCommerce by WordPress
CVE-2024-1690
4.3MEDIUM
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 13 March 2024
Summary
The TeraWallet plugin for WooCommerce has a security flaw that allows authenticated users with subscriber access or higher to bypass capability checks. This vulnerability in the terawallet_export_user_search() function, present in all versions up to and including 1.4.10, enables attackers to export sensitive information, including a list of registered users and their email addresses. This poses a significant risk to user privacy and can lead to unauthorized access to confidential data.
Affected Version(s)
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds * <= 1.4.10
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lucio Sá