The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-11-29T20:43:15.611Z
Updated: 2024-08-03T01:27:53.862Z
Reserved: 2022-11-14T20:10:25.541Z
Link: CVE-2022-3995
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-29T21:15:11.597
Modified: 2024-11-21T07:20:41.877
Link: CVE-2022-3995
Redhat
No data.