Vulnerabilidades em wclovers
18 resultadosCVE-2022-4939CRITICALWCFM Membership <= 2.10.0 - Unauthenticated Privilege EscalationEPSS 2.1%CVE-2023-2276CRITICALWCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password ChangeEPSS 1.1%CVE-2022-4940HIGHWCFM Membership <= 2.10.0 - Missing AuthorizationEPSS 1.1%CVE-2022-4935HIGHWCFM Marketplace <= 3.4.11 - Missing AuthorizationEPSS 0.7%CVE-2022-4937MEDIUMThe WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and includinEPSS 0.6%CVE-2024-8290HIGHWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege EscalationEPSS 0.6%CVE-2023-2275MEDIUMWooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST APIEPSS 0.5%CVE-2023-4960MEDIUMWCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.4%CVE-2026-0845HIGHWCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options UpdateEPSS 0.4%CVE-2025-1311MEDIUMWooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL InjectionEPSS 0.4%CVE-2026-4896HIGHWCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product ManipulationEPSS 0.4%CVE-2026-2554HIGHWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User DeletionEPSS 0.3%CVE-2022-4941MEDIUMWCFM Membership <= 2.9.10 - Cross-Site Request ForgeryEPSS 0.3%CVE-2026-1722MEDIUMWCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request CreationEPSS 0.3%CVE-2025-15147MEDIUMWCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership PaymentEPSS 0.3%CVE-2022-4938MEDIUMWCFM Frontend Manager <= 6.5.13 - Cross-Site Request ForgeryEPSS 0.2%CVE-2022-4936MEDIUMWCFM Marketplace <= 3.4.12 - Cross-Site Request ForgeryEPSS 0.2%CVE-2025-3780MEDIUMWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings ModificationEPSS 0.2%