CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/27 9:49 a.m.•3 views

CVE-2026-42753 WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

7.3CVSS5.8AI score0.00047EPSS

Cvelist•added 2026/05/27 9:49 a.m.•23 views

CVE-2026-42753 WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

7.3CVSS0.00047EPSS

CNNVD•added 2026/05/27 12:0 a.m.•3 views

WordPress plugin WCFM Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.3CVSS5.8AI score0.00047EPSS

ATTACKERKB•added 2026/02/09 11:23 p.m.•2 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00012EPSS

9.8CVSS9.3AI score0.00224EPSS

EUVD-2023-33782

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00234EPSS

EUVD-2022-52195

Malicious code in bioql PyPI...

Exploits0References3

9.8CVSS9.2AI score0.20319EPSS

EUVD-2022-52193

Malicious code in bioql PyPI...

Exploits0References2

7.3CVSS7.2AI score0.04192EPSS

EUVD-2022-52194

Malicious code in bioql PyPI...

RedhatCVE•added 2025/05/23 1:48 a.m.•5 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS6.8AI score0.00224EPSS

RedhatCVE•added 2025/05/23 12:27 a.m.•4 views

CVE-2022-4941

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

8.8CVSS6.6AI score0.00234EPSS

RedhatCVE•added 2025/02/05 8:23 p.m.•9 views

CVE-2022-4939

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS6.8AI score0.20319EPSS

RedhatCVE•added 2025/02/05 8:22 p.m.•5 views

CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

7.3CVSS6.6AI score0.04192EPSS

NVD•added 2023/05/20 4:15 a.m.•12 views

CVE-2023-2276

9.8CVSS9.5AI score0.00224EPSS

OSV•added 2023/05/20 4:15 a.m.•1 views

CVE-2023-2276

9.8CVSS5.8AI score

Prion•added 2023/05/20 4:15 a.m.•7 views

Authorization

7.5CVSS9.3AI score0.00224EPSS

Exploits0References4Affected Software1

Cvelist•added 2023/05/20 3:35 a.m.•13 views

CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change

9.8CVSS9.6AI score0.00224EPSS