Lucene search
K

95 matches found

NVD
NVD
added 2025/12/16 9:15 a.m.5 views

CVE-2025-54004

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...

2.7CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.8 views

CVE-2025-54004

CVE-2025-14998 (Branda – White Label & Branding, Free Login Page Customizer) is a confirmed WordPress vulnerability with unauthenticated privilege escalation via account takeover. Wordfence coverage notes a critical flaw (CVSS 9.8) affecting Branda versions

2.7CVSS5.9AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.3 views

CVE-2025-54004 WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...

2.7CVSS5.9AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.33 views

CVE-2025-54004 WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through = 6.7.24...

2.7CVSS0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

WordPress plugin WCFM – Frontend Manager for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

2.7CVSS6.7AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51379

Name of the Vulnerable Software and Affected Versions WC Lovers WCFM – Frontend Manager for WooCommerce versions through 6.7.21 Description An authorization issue exists in WC Lovers WCFM – Frontend Manager for WooCommerce. The issue involves incorrectly configured access control security levels,...

2.6CVSS6.4AI score0.00266EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.6 views

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.24...

2.6CVSS7AI score0.00266EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-52191

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00643EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-52192

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00248EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/11 12:25 a.m.15 views

CVE-2025-3780

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...

6.5CVSS7AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2025/07/09 12:15 a.m.11 views

CVE-2025-3780

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfmredirecttosetup function in all versions up to, and including, 6.7.16. This makes i...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References3
CVE
CVE
added 2025/07/08 11:22 p.m.41 views

CVE-2025-3780

The CVE-2025-3780 entry concerns the WordPress plugins “WCFM – Frontend Manager for WooCommerce” and “Bookings Subscription Listings Compatible” (WP). All versions up to 6.7.16 are affected due to a missing authorization check in the wcfm_redirect_to_setup function, enabling unauthenticated attac...

6.5CVSS6.4AI score0.00247EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.8 views

WordPress plugin WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin WCFM - Frontend Manager for WooCommerce...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.6 views

CVE-2024-29929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8...

5.9CVSS8.6AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.8 views

CVE-2024-6244

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.8AI score0.02836EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:35 a.m.7 views

CVE-2022-4937

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

8.8CVSS6.5AI score0.00643EPSS
Exploits0References1
NVD
NVD
added 2024/09/25 7:15 a.m.18 views

CVE-2024-8290

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFMCustomersManageController::processing function due to missing validation...

8.8CVSS0.00603EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/25 1:31 a.m.9 views

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation vulnerability

Insecure Direct Object Reference to Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WCFM – Frontend Manager for WooCommerce versions = 6.7.12...

8.8CVSS7AI score0.00603EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/25 12:0 a.m.18 views

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.12 is vulnerable to Privilege Escalation

Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions = 6.7.12 Fixed in 6.7.13 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8290 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID...

8.8CVSS6.6AI score0.00603EPSS
Exploits0References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2024/09/24 6:2 p.m.17 views

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin

📢 Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024 , r esearche...

8.8CVSS8.6AI score0.00603EPSS
Exploits0
Rows per page
Query Builder