Lucene search
+L

79 matches found

NVD
NVD
added 2026/07/11 7:16 a.m.8 views

CVE-2026-12126

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.41 views

CVE-2026-12126 WCFM Marketplace <= 3.7.3 - Authenticated (Vendor+) Stored Cross-Site Scripting via Attachment 'post_title'

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/11 5:35 a.m.9 views

EUVD-2026-43158

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS6.2AI score0.0021EPSS
Exploits0References8
CVE
CVE
added 2026/07/11 5:35 a.m.19 views

CVE-2026-12126

CVE-2026-12126 affects the WCFM Marketplace plugin for WordPress (versions

6.4CVSS6.2AI score0.0021EPSS
Exploits0References8
CNVD
CNVD
added 2026/04/21 12:0 a.m.8 views

WordPress Plugin WCFM Marketplace SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

7.6CVSS5.8AI score0.00271EPSS
Exploits0
EUVD
EUVD
added 2026/04/15 6:31 p.m.4 views

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

7.6CVSS5.9AI score0.00271EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 5:17 p.m.5 views

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

7.6CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 4:21 p.m.4 views

CVE-2025-63029 WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

7.6CVSS5.9AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:21 p.m.21 views

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

7.6CVSS5.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

WordPress plugin WCFM Marketplace 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...

7.6CVSS5.8AI score0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 7:27 a.m.4 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/10 7:27 a.m.26 views

CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3CVSS0.00294EPSS
Exploits0References4
CVE
CVE
added 2026/02/10 7:27 a.m.20 views

CVE-2026-1722

CVE-2026-1722 affects WCFM Marketplace – Multivendor Marketplace for WooCommerce (WordPress) versions up to 3.7.0. The root cause is missing authorization checks in the wcfm-refund-requests-form AJAX controller, enabling unauthenticated users to create arbitrary refund requests for any order/item...

5.3CVSS5.7AI score0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

WordPress plugin WCFM Marketplace – Multivendor Marketplace for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00294EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/09 11:39 p.m.9 views

WordPress WCFM Marketplace plugin <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability

Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability discovered by Gibran Abdillah in WordPress Plugin WCFM Marketplace versions = 3.7.0...

5.3CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.5 views

CVE-2023-4960

The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS5AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.4 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

4.9CVSS5.9AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 9:15 a.m.4 views

CVE-2025-64631

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

4.9CVSS0.00298EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.8 views

CVE-2025-64631

Technical details about CVE-2025-64631 are not publicly disclosed in the provided documents. The initial description notes a missing authorization issue in WC Lovers WCFM Marketplace up to version 3.7.1, but no vendor/product/version data beyond that is supplied here.

4.9CVSS5.9AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.2 views

CVE-2025-64631 WordPress WCFM Marketplace plugin <= 3.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

4.9CVSS5.1AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder