Description
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Race Condition (potential consistency violation)
Action: Apply Patch
AI Analysis

Impact

Concurrent execution using a shared resource without proper synchronization was identified in Subrata Mal’s TeraWallet – For WooCommerce plugin (versions up to 1.5.15). The issue is a classic race condition (CWE‑362) that can allow an attacker to interfere with the normal sequence of operations, potentially leading to data corruption or unpredictable behavior. The advisory does not describe a direct threat to confidentiality or integrity beyond these inconsistencies.

Affected Systems

The vulnerability affects the WordPress plugin ‘TeraWallet – For WooCommerce’ developed by Subrata Mal. All releases from the earliest version through version 1.5.15 are impacted; any deployment of the plugin at or below 1.5.15 is potentially vulnerable.

Risk and Exploitability

The CVSS score is 5.3, which is Medium severity. The EPSS score is less than 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog. Because the flaw requires concurrent access to shared data, the likely attack vector is local or involves a privileged user creating two parallel requests; the exact external exploitation path is not explicitly documented in the provided information.

Generated by OpenCVE AI on March 17, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TeraWallet – For WooCommerce to the latest version (greater than 1.5.15) to eliminate the race condition.
  • If an immediate upgrade is not feasible, review application flow that triggers concurrent updates and add manual locking or disable the affected functionality until a patch is applied.
  • Monitor the site for anomalous behavior related to data consistency, and check for future updates on the plugin’s official repository.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 18:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Mon, 16 Mar 2026 20:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Added: Subratamal; Subratamal terawallet For Woocommerce; Wordpress; Wordpress wordpress
Type: Vendors & Products
Values Added: Subratamal; Subratamal terawallet For Woocommerce; Wordpress; Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type: Description
Values Added: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.
Type: Title
Values Added: WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability
Type: Weaknesses
Values Added: CWE-362
Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:08.978Z

Reserved: 2026-03-12T11:11:14.584Z

Link: CVE-2026-32398

Vulnrichment

Updated: 2026-03-16T19:17:52.056Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:55.640

Modified: 2026-03-17T18:16:17.487

Link: CVE-2026-32398

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:04:03Z

Weaknesses