CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/02/11 1:33 a.m.•11 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

NVD•added 2026/02/10 12:16 a.m.•4 views

CVE-2025-15147

4.3CVSS0.00256EPSS

CNNVD•added 2026/02/10 12:0 a.m.•3 views

WordPress plugin WCFM Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00256EPSS

CNNVD•added 2026/02/10 12:0 a.m.•3 views

WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce 安全漏洞

5.3CVSS5.8AI score0.00294EPSS

Exploits0References5

Patchstack•added 2026/02/09 11:32 p.m.•5 views

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin = 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability discovered by Jing Xuan Sun in WordPress Plugin WCFM Membership versions = 2.11.8...

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/09 11:23 p.m.•2 views

CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment

CVE•added 2026/02/09 11:23 p.m.•9 views

CVE-2025-15147

CVE-2025-15147 affects the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. The vulnerability is an Insecure Direct Object Reference in all versions up to 2.11.8, caused by missing validation on a user-controlled key in WCFMvm_Memberships_Payment_Controller:...

ATTACKERKB•added 2026/02/09 11:23 p.m.•3 views

CVE-2025-15147

Positive Technologies•added 2026/02/09 12:0 a.m.•4 views

PT-2026-7195

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...

Positive Technologies•added 2025/12/16 12:0 a.m.•2 views

PT-2025-51402

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

5CVSS6.5AI score0.00287EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-33781

Malicious code in bioql PyPI...

5.4CVSS6.7AI score0.00466EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 6:7 a.m.•2 views

CVE-2023-34382

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...

8.8CVSS8.1AI score0.00535EPSS

RedhatCVE•added 2025/05/23 5:39 a.m.•4 views

CVE-2023-26525

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...

8.1CVSS8.2AI score0.0057EPSS

RedhatCVE•added 2025/05/23 1:53 a.m.•6 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS6.4AI score0.00466EPSS

NVD•added 2025/03/22 7:15 a.m.•13 views

CVE-2025-1311

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00338EPSS

Vulnrichment•added 2025/03/22 6:41 a.m.•9 views

CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection

6.5CVSS7.5AI score0.00338EPSS

CNNVD•added 2025/03/22 12:0 a.m.•2 views

WordPress plugin WooCommerce Multivendor Marketplace SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

6.5CVSS9.1AI score0.00338EPSS

Patchstack•added 2025/03/21 7:53 p.m.•5 views

WordPress WooCommerce Multivendor Marketplace – REST API plugin <= 1.6.2 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Multivendor Marketplace – REST API versions = 1.6.2...

6.5CVSS9.5AI score0.00338EPSS

Exploits0References1Affected Software1

OSV•added 2023/12/20 6:15 p.m.•2 views

CVE-2023-26525

8.1CVSS5.8AI score