CVE-2024-7747
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 28, 2024
CWE ID 681
Summary
CVE-2024-7747: The Wallet for WooCommerce plugin for WordPress, used in versions up to 1.5.6, contains a numerical logic flaw. This vulnerability allows authenticated attackers with Subscriber-level access or higher to create funds during a transfer and distribute them to other users or their own account. If the Wallet Withdrawal extension is used, attackers can also request to withdraw these funds with administrative approval. This issue can result in free products for attackers and potential financial loss for affected sites.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share