95 matches found
CVE-2025-54004
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...
CVE-2025-54004
CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) is a confirmed WordPress vulnerability with unauthenticated privilege escalation via account takeover. Wordfence coverage notes a critical flaw (CVSS 9.8) affecting Branda versions
CVE-2025-54004 WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...
CVE-2025-54004 WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...
WordPress plugin WCFM – Frontend Manager for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51379
Name of the Vulnerable Software and Affected Versions WC Lovers WCFM – Frontend Manager for WooCommerce versions through 6.7.21 Description An authorization issue exists in WC Lovers WCFM – Frontend Manager for WooCommerce. The issue involves incorrectly configured access control security levels,...
WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.24...
EUVD-2022-52191
Malicious code in bioql PyPI...
EUVD-2022-52192
Malicious code in bioql PyPI...
CVE-2025-3780
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...
CVE-2025-3780
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...
CVE-2025-3780
The CVE-2025-3780 entry concerns the WordPress plugins “WCFM – Frontend Manager for WooCommerce” and “Bookings Subscription Listings Compatible” (WP). All versions up to 6.7.16 are affected due to a missing authorization check in the wcfm_redirect_to_setup function, enabling unauthenticated attac...
WordPress plugin WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin WCFM - Frontend Manager for WooCommerce...
CVE-2024-29929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8...
CVE-2024-6244
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2022-4937
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVE-2024-8290
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...
WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.12...
WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.12 is vulnerable to Privilege Escalation
Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.12 Fixed in 6.7.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8290 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID...
20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin
📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...