- Description: The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity: MEDIUM
- security@wordfence.com: CWE-681
- Hype score: Not currently trending
CVE-2024-7747 Numeric Conversion Flaw in WooCommerce Wallet Allows Fund Exploitation The Wallet for WooCommerce plugin in WordPress has a problem with how it changes number types in versions up to 1.5.6. This pro... https://t.co/l63mj5foni
@VulmonFeeds
29 Nov 2024
CVE-2024-7747 The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to … https://t.co/jGRYuMhm9V
@CVEnew
28 Nov 2024