215 matches found
CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation
The plugin does not have authorisation in the wcfmajaxcontroller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...
PT-2023-15924 · WordPress · Wcfm Frontend Manager
Name of the Vulnerable Software and Affected Versions: WCFM Frontend Manager plugin for WordPress versions up to, and including, 6.6.0 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying knowledge bases, notices, payments, managing vendors, and...
PT-2023-15925 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including 2.10.0 Description: The issue is related to a missing capability check on the wp ajax nopriv wcfm ajax controller AJAX action, which controls membership settings. This allows...
WCFM Membership < 2.10.0 - Multiple CSRF
The plugin does not have CSRF checks in various AJAX actions, allowing attackers to make logged in admins call them and modify membership details/renewal information etc via CSRF attacks...
WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls
The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify knowledge bases/notices/payments, manage vendors etc...
WordPress plugin WCFM Marketplace 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-15922 · WordPress · Wcfm Marketplace
Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress versions up to and including 3.4.11 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying shipping method details, modifying products, and deleting arbitrar...
WCFM Frontend Manager < 6.6.0 - Multiple CSRF
The plugin does not have CSRF checks in numerous AJAX actions, allowing any attackers to make logged in admin modify knowledge bases/notices/payments, manage vendors/capabilities etc via CSRF attacks...
WCFM Marketplace < 3.4.12 - Subscriber+ Unauthorised AJAX Calls
The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify shipping method details/products, delete arbitrary posts, as well as lead to privilege escalation...
PT-2023-15926
Name of the Vulnerable Software and Affected Versions WCFM Membership plugin for WordPress versions up to, and including, 2.10.0 Description The issue allows unauthorized modification and access of data due to missing capability checks on various AJAX actions. This enables unauthenticated attacke...
WCFM Marketplace < 3.5.0 - Multiple CSRF
The plugin does not have CSRF in various AJAX actions, allowing attackers to make logged in admin modify shipping method details/products, delete arbitrary posts, etc via CSRF attacks...
WordPress plugin WCFM Marketplace 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-15927 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.9.10 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying membership details, changing renewal information, controlling...
WCFM Membership < 2.10.1 - Unauthenticated AJAX Calls
The plugin does not have authorisation in various AJAX actions, allowing unauthenticated attackers to call them and modify membership details/renewal information etc...
PT-2023-15923 · WordPress · Wcfm Frontend Manager
Name of the Vulnerable Software and Affected Versions: WCFM Frontend Manager plugin for WordPress versions up to and including 6.6.0 Description: The issue allows authenticated attackers with minimal permissions to perform various actions due to missing capability checks on several AJAX actions...
PT-2023-18684 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress versions up to, and including, 2.10.7 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to...
WordPress Better Messages – WCFM Integration plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Better Messages – WCFM Integration plugin versions = 1.0.5. Solution Update the WordPress Better Messages – WCFM Integration plugin to the latest available version at least 1.0.6...
WordPress Better Messages – WCFM Integration plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Better Messages – WCFM Integration plugin versions = 1.0.5. Solution Update the WordPress Better Messages – WCFM Integration plugin to the latest available version at least 1.0.6...