Lucene search
K

96 matches found

cnnvd
cnnvd
added 2026/04/08 12:0 a.m.10 views

WordPress plugin PZ Frontend Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.7 views

PT-2026-31093

Name of the Vulnerable Software and Affected Versions PZ Frontend Manager plugin for WordPress versions up to and including 1.0.6 Description The PZ Frontend Manager plugin for WordPress is susceptible to a missing authorization issue. The pzfm user request action callback function, accessible...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References10
redhatcve
redhatcve
added 2026/04/05 10:55 a.m.9 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1
euvd
euvd
added 2026/04/04 9:30 a.m.12 views

EUVD-2026-18981

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/04 7:42 a.m.4 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References3
cve
cve
added 2026/04/04 7:42 a.m.24 views

CVE-2026-4896

The CVE-2026-4896 entry concerns the WCFM – Frontend Manager for WooCommerce plugin with the Bookings Subscription Listings Compatible extension for WordPress, affected up to version 6.7.25. The vulnerability is an Insecure Direct Object Reference (IDOR) affecting authenticated users with Vendor-...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/04 12:0 a.m.9 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/04 12:0 a.m.5 views

PT-2026-30313

Name of the Vulnerable Software and Affected Versions WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.25 Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References8
patchstack
patchstack
added 2026/04/03 11:16 p.m.4 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.25 - Insecure Direct Object References to Authenticated Vendor+ Arbitrary Post/Product Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:8 p.m.5 views

CVE-2026-2375

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the verifyrole function in AuthTrails.php explicitly whitelisting the wcfmvendor role alongside subscriber and...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/02/11 1:33 a.m.6 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References1
nvd
nvd
added 2026/02/10 12:16 a.m.7 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS
Exploits0References4
patchstack
patchstack
added 2026/02/09 11:33 p.m.6 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.24 - Authenticated Shop Manager+ Arbitrary Options Update vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions...

7.2CVSS5.5AI score0.00436EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/02/09 11:23 p.m.4 views

CVE-2026-0845

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/02/09 11:23 p.m.2 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
cve
cve
added 2026/02/09 11:23 p.m.20 views

CVE-2026-0845

The CVE affects the WordPress ecosystem: WCFM – Frontend Manager for WooCommerce with the Bookings Subscription Listings Compatible plugin for WordPress. It has a missing capability check in WCFM_Settings_Controller::processing across all versions up to and including 6.7.24, allowing authenticate...

7.2CVSS5.7AI score0.00436EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/09 11:23 p.m.38 views

CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'WCFMSettingsController::processing' function in...

7.2CVSS0.00436EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/02/09 12:0 a.m.14 views

PT-2026-7196

Name of the Vulnerable Software and Affected Versions WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.24 Description The software contains a flaw that allows unauthorized modification of data,...

7.2CVSS5.6AI score0.00436EPSS
Exploits0References9
patchstack
patchstack
added 2026/01/15 10:31 a.m.4 views

WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WooCommerce Frontend Manager – Ultimate versions 6.7.7...

5.9AI score0.00347EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/12/17 10:3 a.m.4 views

CVE-2025-54004

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...

2.7CVSS5.9AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder