3 matches found
CVE-2021-24835
creationtimestamp| type| source ---|---|--- 2021-11-08 20:29:29+00:00| seen| https://t.me/cibsecurity/31999...
CVE-2021-24835 WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawalvendor...
CVE-2021-24835
The CVE-2021-24835 entry concerns the WordPress plugin pair: WCFM – Frontend Manager for WooCommerce (versions before 6.5.12) together with WCFM – WooCommerce Multivendor/M marketplace. The flaw is failure to escape the withdrawal_vendor parameter before using it in a SQL statement, enabling SQL ...