Lucene search
K

10 matches found

NVD
NVD
added yesterday8 views

CVE-2026-3688

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-3688

The CVE concerns the WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress. Affected: all versions up to 2.11.10. Root cause: the wcfmvm_membership_change AJAX action does not validate a user’s permission to modify other users, enabling an authenticated vendor...

8.1CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added yesterday25 views

CVE-2026-3688 WCFM - WooCommerce Multivendor Membership <= 2.11.10 - Insecure Direct Object Reference to Limited Privilege Escalation via User Role Overwrite

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvmmembershipchange' AJAX action not validating user permission to modify other...

8.1CVSS
Exploits0References2
CVE
CVE
added 2026/05/27 9:49 a.m.40 views

CVE-2026-42753

CVE-2026-42753 affects the WordPress WC Lovers WCFM Membership wc-multivendor-membership plugin (

7.3CVSS5.8AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.12 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 12:16 a.m.6 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/09 11:23 p.m.4 views

CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7195

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm Memberships Payment Controller::processing' due to missing validation on a user controlled...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References4
NVD
NVD
added 2025/12/24 1:16 p.m.3 views

CVE-2025-67909

Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through = 3.0.3...

7.5CVSS0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/05/20 4:15 a.m.2 views

CVE-2023-2276

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization an...

9.8CVSS7.2AI score0.01093EPSS
Exploits0References5
Rows per page
Query Builder