{"uuid": "220114d4-87d6-4be9-aae6-db6cce560cdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3995", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2825", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3995\n\ud83d\udd39 Description: The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lock_unlock_terawallet AJAX action.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to lock/unlock other users wallets.\n\ud83d\udccf Published: 2022-11-29T20:43:15.611Z\n\ud83d\udccf Modified: 2025-01-23T20:49:07.448Z\n\ud83d\udd17 References:\n1. https://plugins.trac.wordpress.org/changeset/2817824/woo-wallet/trunk?contextall=1&old=2816610&old_path=%2Fwoo-wallet%2Ftrunk\n2. https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3995", "creation_timestamp": "2025-01-23T21:03:30.000000Z"}