Lucene search
K

215 matches found

Cvelist
Cvelist
added 2023/04/05 5:27 p.m.29 views

CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

8.8CVSS8.8AI score0.00723EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/05 5:27 p.m.7 views

CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

8.8CVSS7.3AI score0.00723EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.21 views

WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation

The plugin does not have authorisation in the wcfmajaxcontroller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...

9.8CVSS9AI score0.02099EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-15924 · WordPress · Wcfm Frontend Manager

Name of the Vulnerable Software and Affected Versions: WCFM Frontend Manager plugin for WordPress versions up to, and including, 6.6.0 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying knowledge bases, notices, payments, managing vendors, and...

8.8CVSS8.8AI score0.00248EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.8 views

PT-2023-15925 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including 2.10.0 Description: The issue is related to a missing capability check on the wp ajax nopriv wcfm ajax controller AJAX action, which controls membership settings. This allows...

9.8CVSS9.2AI score0.02099EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.12 views

WCFM Membership < 2.10.0 - Multiple CSRF

The plugin does not have CSRF checks in various AJAX actions, allowing attackers to make logged in admins call them and modify membership details/renewal information etc via CSRF attacks...

8.8CVSS8.6AI score0.00321EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.15 views

WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify knowledge bases/notices/payments, manage vendors etc...

8.8CVSS8.6AI score0.00643EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.8 views

WordPress plugin WCFM Marketplace 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS8.1AI score0.00321EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.7 views

PT-2023-15922 · WordPress · Wcfm Marketplace

Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress versions up to and including 3.4.11 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying shipping method details, modifying products, and deleting arbitrar...

8.8CVSS8.9AI score0.00248EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.19 views

WCFM Frontend Manager < 6.6.0 - Multiple CSRF

The plugin does not have CSRF checks in numerous AJAX actions, allowing any attackers to make logged in admin modify knowledge bases/notices/payments, manage vendors/capabilities etc via CSRF attacks...

8.8CVSS8.7AI score0.00248EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.33 views

WCFM Marketplace < 3.4.12 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify shipping method details/products, delete arbitrary posts, as well as lead to privilege escalation...

8.8CVSS8.8AI score0.00723EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.7 views

PT-2023-15926

Name of the Vulnerable Software and Affected Versions WCFM Membership plugin for WordPress versions up to, and including, 2.10.0 Description The issue allows unauthorized modification and access of data due to missing capability checks on various AJAX actions. This enables unauthenticated attacke...

7.3CVSS7AI score0.01084EPSS
Exploits0References9
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.19 views

WCFM Marketplace < 3.5.0 - Multiple CSRF

The plugin does not have CSRF in various AJAX actions, allowing attackers to make logged in admin modify shipping method details/products, delete arbitrary posts, etc via CSRF attacks...

8.8CVSS8.8AI score0.00248EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.7 views

WordPress plugin WCFM Marketplace 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS8.1AI score0.00248EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.8 views

PT-2023-15927 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.9.10 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying membership details, changing renewal information, controlling...

8.8CVSS8.8AI score0.00321EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.20 views

WCFM Membership < 2.10.1 - Unauthenticated AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing unauthenticated attackers to call them and modify membership details/renewal information etc...

7.3CVSS7.1AI score0.01084EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-15923 · WordPress · Wcfm Frontend Manager

Name of the Vulnerable Software and Affected Versions: WCFM Frontend Manager plugin for WordPress versions up to and including 6.6.0 Description: The issue allows authenticated attackers with minimal permissions to perform various actions due to missing capability checks on several AJAX actions...

8.8CVSS8.8AI score0.00643EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.10 views

PT-2023-18684 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress versions up to, and including, 2.10.7 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to...

9.8CVSS9.3AI score0.01093EPSS
Exploits0References9
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.13 views

WordPress Better Messages – WCFM Integration plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Better Messages – WCFM Integration plugin versions = 1.0.5. Solution Update the WordPress Better Messages – WCFM Integration plugin to the latest available version at least 1.0.6...

3.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.15 views

WordPress Better Messages – WCFM Integration plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Better Messages – WCFM Integration plugin versions = 1.0.5. Solution Update the WordPress Better Messages – WCFM Integration plugin to the latest available version at least 1.0.6...

4AI score
Exploits0References2Affected Software1
Rows per page
Query Builder