CVE-2024-13682 identifies a medium-severity vulnerability in the Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, and Wallet Restriction plugin. This vulnerability allows unauthenticated attackers to perform Cross-Site Request Forgery (CSRF) attacks due to missing or incorrect nonce validation in class-wallet-user-table.php. As a result, attackers can exploit this flaw to modify wallet balances if they can trick a site administrator into executing a crafted request, such as clicking on a link.
With a CVSS score of 4.3, this vulnerability is classified as medium severity. The risk to organizations is financial loss from unauthorized modifications to wallet balances. Attack complexity is low, but exploitation requires user interaction, so defenders should prioritize patching this vulnerability as soon as possible.
As of the latest information, no public exploits have been confirmed, and the vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) database. However, organizations using this plugin must remain vigilant and apply the necessary updates promptly to prevent possible exploitation.
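For plugin developers and code reviewers, the sketch below shows the checks an admin action that changes a balance needs in order to resist the CSRF pattern described above. It is an added example, not code from the affected plugin: the `demo_wallet_*` functions, the `demo_wallet_update` action, the `demo_wallet_nonce` field and the `demo_wallet_balance` meta key are hypothetical, and it assumes the file is loaded as part of a plugin on a WordPress site with WooCommerce active.

```php
<?php
// Added example with hypothetical names (demo_wallet_*); not the affected plugin's code.

// Render the admin form. wp_nonce_field() embeds a token tied to this specific
// action and to the logged-in administrator's session, which a third-party
// page cannot read or predict.
function demo_wallet_render_form( $user_id ) {
    $user_id = absint( $user_id );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_wallet_update">';
    echo '<input type="hidden" name="user_id" value="' . esc_attr( $user_id ) . '">';
    echo '<input type="number" step="0.01" min="0" name="amount">';
    wp_nonce_field( 'demo_wallet_update_' . $user_id, 'demo_wallet_nonce' );
    submit_button( 'Update balance' );
    echo '</form>';
}

// Handle the submission. A handler that skips the nonce check would accept
// any request the administrator's browser sends with its session cookie.
function demo_wallet_handle_update() {
    // 1. Authorization: only users allowed to manage the shop may proceed.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Read state only from the POST body, never from the query string.
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;

    // 3. CSRF check: terminates the request when the nonce is missing,
    //    expired, or was issued for a different action or user id.
    check_admin_referer( 'demo_wallet_update_' . $user_id, 'demo_wallet_nonce' );

    // 4. Validate input before changing any state.
    $amount = isset( $_POST['amount'] ) ? sanitize_text_field( wp_unslash( $_POST['amount'] ) ) : '';
    if ( ! $user_id || ! is_numeric( $amount ) || (float) $amount < 0 ) {
        wp_die( 'Invalid wallet update.', '', array( 'response' => 400 ) );
    }

    update_user_meta( $user_id, 'demo_wallet_balance', (float) $amount );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
add_action( 'admin_post_demo_wallet_update', 'demo_wallet_handle_update' );
```

When reviewing a plugin for this class of flaw, look for state-changing handlers that perform the capability check but omit step 3, or that verify a nonce issued for a different action.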
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
