Lucene search
K

38 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42220

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS5.9AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/23 7:55 p.m.5 views

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

7.6CVSS5.8AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.13 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 12:16 a.m.6 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS0.00256EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00294EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

WordPress plugin WCFM Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.00256EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/09 11:32 p.m.8 views

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability

WordPress WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin = 2.11.8 - Insecure Direct Object Reference to Update Membership Payment vulnerability discovered by Jing Xuan Sun in WordPress Plugin WCFM Membership versions = 2.11.8...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/09 11:23 p.m.6 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References4
CVE
CVE
added 2026/02/09 11:23 p.m.12 views

CVE-2025-15147

CVE-2025-15147 affects the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace WordPress plugin. The vulnerability is an Insecure Direct Object Reference in all versions up to 2.11.8, caused by missing validation on a user-controlled key in WCFMvm_Memberships_Payment_Controller:...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/09 11:23 p.m.4 views

CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7195

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51402

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions through 3.6.15 Description An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

5CVSS6.5AI score0.00287EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-33781

Malicious code in bioql PyPI...

5.4CVSS6.7AI score0.00466EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:7 a.m.4 views

CVE-2023-34382

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...

8.8CVSS8.1AI score0.00689EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.6 views

CVE-2023-26525

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...

8.1CVSS8.2AI score0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:53 a.m.8 views

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

5.4CVSS6.4AI score0.00466EPSS
Exploits0References1
NVD
NVD
added 2025/03/22 7:15 a.m.14 views

CVE-2025-1311

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/22 6:41 a.m.9 views

CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS7.5AI score0.00363EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/22 12:0 a.m.9 views

WordPress plugin WooCommerce Multivendor Marketplace SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

6.5CVSS9.1AI score0.00363EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/03/21 7:53 p.m.8 views

WordPress WooCommerce Multivendor Marketplace – REST API plugin <= 1.6.2 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Multivendor Marketplace – REST API versions = 1.6.2...

6.5CVSS9.5AI score0.00363EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder