A vulnerability marked as critical has been reported in wpswings Points and Rewards for WooCommerce Plugin up to 2.10.1 on WordPress. This affects the function
wps_wpr_generate_custom_wallet of the component Authorization. This manipulation of the argument nonce causes authorization bypass.
This vulnerability is handled as CVE-2026-10628. The attack can be initiated remotely. There is not any exploit available.