6 matches found
CVE-2026-3445
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...
WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability
WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin = 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability discovered by Jing Xuan Sun in WordPress Plugin WCFM Membership versions = 2.11.8...
CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...
CVE-2025-15147
CVE-2025-15147 affects the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. The vulnerability is an Insecure Direct Object Reference in all versions up to 2.11.8, caused by missing validation on a user-controlled key in WCFMvm_Memberships_Payment_Controller:...
PT-2026-7195
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...
CVE-2025-11835
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...