Wallet System for WooCommerce Missing Authorization Vulnerability

Vulnerability

A missing authorization vulnerability exists in the Wallet System for WooCommerce plugin, in versions through 2.6.2, allowing unauthorized access to certain functionalities. The flaw lets unauthenticated users manipulate wallet balances: they can increase their own balance, transfer funds between users, and initiate transfer requests from other users' wallets.

Impact

Exploitation of this vulnerability could lead to unauthorized financial transactions within the WooCommerce wallet system, allowing users to fraudulently increase their wallet balance and transfer funds without authorization.

Remediation

Users are advised to update the Wallet System for WooCommerce plugin to version 2.6.3 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.