PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12103 subratamal CVE debrief

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate the login name, email address, and user ID of all WordPress accounts — including administrators — by submitting arbitrary search terms to the AJAX handler.

Vendor
subratamal
Product
Wallet for WooCommerce
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-11
Original CVE updated
2026-07-11
Advisory published
2026-07-11
Advisory updated
2026-07-11

Who should care

Administrators of WordPress sites using the Wallet for WooCommerce plugin, security teams monitoring for potential authorization bypass vulnerabilities, and users with subscriber-level access or above on affected sites.

Technical summary

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to improper verification of user authorization. Authenticated attackers with subscriber-level access or above can enumerate login names, email addresses, and user IDs of all WordPress accounts, including administrators, by submitting arbitrary search terms to the AJAX handler. The required 'search-user' nonce is localized into the wallet_param object on the standard WooCommerce My Account page, accessible to any authenticated user.

Defensive priority

Medium priority due to the potential for enumeration of sensitive user information.

Recommended defensive actions

  • Update the Wallet for WooCommerce plugin to a version beyond 1.6.4.
  • Restrict access to the WooCommerce My Account page to authorized users only.
  • Monitor for suspicious AJAX requests to the plugin's handler.
  • Consider implementing additional security measures to protect user information.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-11T07:16:45.490Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Multiple references are provided, including links to the plugin's code repository and a Wordfence threat intelligence report.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-11T07:16:45.490Z and has not been modified since then. The NVD entry is currently in the 'Received' status.