The WCFM Membership plugin for WordPress up to version 2.9.10 is vulnerable to Cross-Site Request Forgery due to missing nonce checks, allowing unauthenticated attackers to perform malicious actions
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
Prion | Cross site request forgery (csrf) | 5 Apr 202319:15 | – | prion |
NVD | CVE-2022-4941 | 5 Apr 202319:15 | – | nvd |
Patchstack | WordPress WCFM Membership Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF) | 6 Apr 202300:00 | – | patchstack |
CVE | CVE-2022-4941 | 5 Apr 202319:15 | – | cve |
WPVulnDB | WCFM Membership < 2.10.0 - Multiple CSRF | 5 Apr 202300:00 | – | wpvulndb |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 3, 2023 to Apr 9, 2023) | 13 Apr 202312:03 | – | wordfence |
[
{
"vendor": "wclovers",
"product": "WCFM Membership – WooCommerce Memberships for Multivendor Marketplace",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "2.9.10",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo