VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Nov 27, 2024

Wallet for WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin Wallet for WooCommerce (`woo-wallet`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-7747, CVE-2024-6353 and CVE-2024-32584, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
2
Patch Coverage
100%
Last Updated
Nov 28, 2024
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Wallet for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2024-7747, CVE-2024-6353 and CVE-2024-32584
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Wallet for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-7747
Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attacke...

Published
Nov 27, 2024
Patched Release
1.5.7
Affected Versions
Versions up to 1.5.6
Next Step
Update to 1.5.7 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-6353
Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]'

The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. T...

Published
Jul 11, 2024
Patched Release
1.5.5
Affected Versions
Versions up to 1.5.4
Next Step
Update to 1.5.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32584
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.5.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output esca...

Published
Apr 24, 2024
Patched Release
1.5.1
Affected Versions
Versions up to 1.5.0
Next Step
Update to 1.5.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1690
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and in...

Published
Mar 07, 2024
Patched Release
1.4.11
Affected Versions
Versions up to 1.4.10
Next Step
Update to 1.4.11 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-40198
TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options

The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. This is due to missing nonce validation on the admin_options function. This makes it possible for unauthenticated attackers to modify plugin settings, via for...

Published
Feb 15, 2023
Patched Release
1.4.0
Affected Versions
Versions up to 1.3.24
Next Step
Update to 1.4.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-3995
TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated att...

Published
Oct 31, 2022
Patched Release
1.4.4
Affected Versions
Versions up to 1.4.3
Next Step
Update to 1.4.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-36401
TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet

The TeraWallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.24. This is due to missing nonce validation on the lock_unlock_terawallet function. This makes it possible for unauthenticated attackers to lock and unlock wallet...

Published
Oct 30, 2022
Patched Release
1.4.0
Affected Versions
Versions up to 1.3.24
Next Step
Update to 1.4.0 or newer if supported.
Open Full Report Open CVE Reference