Wallet System for WooCommerce Missing Authorization Vulnerability Allows Arbitrary Wallet Balance Manipulation
Vulnerability
A vulnerability exists in the Wallet System for WooCommerce plugin for WordPress, in all versions through 2.7.2. The issue arises from a lack of proper capability checks in the 'change_wallet_fund_request_status_callback' function. This flaw enables authenticated attackers with Subscriber-level access or higher to manipulate wallet withdrawal requests, potentially leading to unauthorized increases in their own wallet balances or decreases in the balances of other users.
Impact
Exploitation of this vulnerability allows for unauthorized modifications of wallet balances, including arbitrary increases or decreases, depending on the attacker's actions.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'change_wallet_fund_request_status_callback' function without the necessary authorization. This can be done by manipulating wallet withdrawal requests through the WordPress admin interface or by using a custom script that interacts with the WordPress REST API.
Remediation
Users are advised to update the Wallet System for WooCommerce plugin to version 2.7.3 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.