PT-2026-5883 · WordPress · Myrewards – Loyalty Points/Rewards For Woocommerce
Tharadol Suksamran
Published: 2026-02-04 · Updated: 2026-02-04
CVE-2025-15260
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1
Description
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actions within the ajax function. This allows authenticated attackers with subscriber-level access or higher to modify, add, or delete loyalty program earning rules. Specifically, attackers can manipulate point multipliers to arbitrary values.
Recommendations
Update the MyRewards – Loyalty Points and Rewards for WooCommerce plugin to version 5.6.1 or later.
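A heuristic audit for the missing-authorization pattern described above, as an added example (not code from the plugin or from this advisory): it lists `wp_ajax_` handlers in a plugin's PHP source whose bodies contain no `current_user_can()` call or nonce check. The sample source, the handler names and the `manage_woocommerce` capability are constructed assumptions.

```python
import re

# Constructed sample plugin source; names are hypothetical, not MyRewards code.
SAMPLE_PHP = r"""
add_action('wp_ajax_demo_save_rule', 'demo_save_rule');
add_action('wp_ajax_demo_delete_rule', 'demo_delete_rule');
function demo_save_rule() {            // reachable by any logged-in user
    update_option('demo_points_multiplier', floatval($_POST['multiplier']));
    wp_send_json_success();
}
function demo_delete_rule() {
    check_ajax_referer('demo_rules');
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(null, 403);
    }
    delete_option('demo_points_multiplier');
    wp_send_json_success();
}
"""

# Matches string callbacks only; array callbacks ([$this, 'method']) are not handled.
HOOK = re.compile(r"add_action\(\s*['\"]wp_ajax_([\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
CHECKS = {
    "capability check": re.compile(r"current_user_can\s*\("),
    "nonce check": re.compile(r"check_ajax_referer\s*\(|wp_verify_nonce\s*\("),
}

def function_body(source, name):
    """Return the brace-balanced body of a PHP function, or None (heuristic:
    braces inside strings or comments are not skipped)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit(source):
    """Map each wp_ajax_ action to the checks its handler body lacks."""
    findings = {}
    for action, handler in HOOK.findall(source):
        body = function_body(source, handler)  # None: handler defined elsewhere
        missing = [n for n, rx in CHECKS.items() if body is None or not rx.search(body)]
        if missing:
            findings[action] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_PHP))
```

A flagged handler is a candidate for manual review, not a confirmed finding: the check may live in a helper the handler calls.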
Fix
LPE
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Myrewards – Loyalty Points/Rewards For Woocommerce