Vulnerability in TeraWallet Plugin for WooCommerce by WordPress
CVE-2024-1690
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 13 March 2024
What is CVE-2024-1690?
The TeraWallet plugin for WooCommerce has a security flaw that allows authenticated users with subscriber access or higher to bypass capability checks. This vulnerability in the terawallet_export_user_search() function, present in all versions up to and including 1.4.10, enables attackers to export sensitive information, including a list of registered users and their email addresses. This poses a significant risk to user privacy and can lead to unauthorized access to confidential data.
Affected Version(s)
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds * <= 1.4.10