75 matches found

CNVD
added 2026/04/21 12:0 a.m., 7 views

WordPress Plugin WCFM Marketplace SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

CVSS 7.6 | AI score 5.8 | EPSS 0.00271
Exploits: 0

EUVD
added 2026/04/15 6:31 p.m., 4 views

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVSS 7.6 | AI score 5.9 | EPSS 0.00271
Exploits: 0 | References: 2

NVD
added 2026/04/15 5:17 p.m., 5 views

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...

CVSS 7.6 | EPSS 0.00271
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/15 4:21 p.m., 4 views

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVSS 7.6 | AI score 5.9 | EPSS 0.00271
Exploits: 0 | References: 1

CVE
added 2026/04/15 4:21 p.m., 16 views

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

CVSS 7.6 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m., 9 views

WordPress plugin WCFM Marketplace Security Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

CVSS 7.6 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 1

Cvelist
added 2026/02/10 7:27 a.m., 24 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

CVSS 5.3 | EPSS 0.00294
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/10 7:27 a.m., 4 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

CVSS 5.3 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 5

CVE
added 2026/02/10 7:27 a.m., 16 views

CVE-2026-1722

CVE-2026-1722 affects WCFM Marketplace – Multivendor Marketplace for WooCommerce (WordPress) versions up to 3.7.0. The root cause is missing authorization checks in the wcfm-refund-requests-form AJAX controller, enabling unauthenticated users to create arbitrary refund requests for any order/item...

CVSS 5.3 | AI score 5.7 | EPSS 0.00294
Exploits: 0 | References: 4

CNNVD
added 2026/02/10 12:0 a.m., 6 views

WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 5

Patchstack
added 2026/02/09 11:39 p.m., 8 views

WordPress WCFM Marketplace plugin <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability discovered by Gibran Abdillah in WordPress Plugin WCFM Marketplace versions <= 3.7.0...

CVSS 5.3 | AI score 5.5 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:25 a.m., 3 views

CVE-2023-4960

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 | AI score 5 | EPSS 0.00443
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/17 10:2 a.m., 2 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...

CVSS 4.9 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 1

NVD
added 2025/12/16 9:15 a.m., 2 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...

CVSS 4.9 | EPSS 0.00287
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/16 8:12 a.m., 1 views

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM Marketplace: from n/a through <= 3.7.1...

CVSS 4.9 | AI score 5.1 | EPSS 0.00287
Exploits: 0 | References: 1

CVE
added 2025/12/16 8:12 a.m., 7 views

CVE-2025-64631

Technical details about CVE-2025-64631 are not publicly disclosed in the provided documents. The initial description notes a missing authorization issue in WC Lovers WCFM Marketplace up to version 3.7.1, but no vendor/product/version data beyond that is supplied here.

CVSS 4.9 | AI score 5.9 | EPSS 0.00287
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51402

Name of the Vulnerable Software and Affected Versions: WCFM Marketplace versions through 3.6.15. Description: An authorization issue exists in WC Lovers WCFM Marketplace wc-multivendor-marketplace, allowing exploitation due to incorrectly configured access control security levels. The issue allows...

CVSS 5 | AI score 6.5 | EPSS 0.00287
Exploits: 0 | References: 3

Patchstack
added 2025/12/15 1:30 p.m., 4 views

WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin WCFM Marketplace versions <= 3.7.1...

CVSS 5 | AI score 5.4 | EPSS 0.00287
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-54796

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.4 | EPSS 0.00443
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-13296

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 8 | EPSS 0.00281
Exploits: 0 | References: 6