What the vulnerability does
Description
Broken access control in Wallet System for WooCommerce versions <= 2.7.6, exploitable by a Subscriber-level user.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Explanation of Vulnerability in Simple Terms
The Wallet System for WooCommerce plugin fails to properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify wallet data or settings they should not have access to, potentially affecting site integrity and availability. Update to a version newer than 2.7.6.
What an attacker can do
Modify wallet data or settings without proper authorization as a low-privilege user.
Potential impact on your site
Unauthorized changes to wallet functionality, balances, or plugin settings; potential data corruption or service disruption.
Conditions required to exploit
Attacker must have a low-privilege account on the site (e.g., customer or subscriber role).