CVE-2022-4937

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

CVE-2019-11807

CVE-2019-11807 affects the WordPress plugin “WooCommerce Checkout Manager” (before version 4.3). The vulnerability allows unauthenticated users to delete media via an AJAX endpoint: wp-admin/admin-ajax.php?action=update_attachment_wccm with the wccm_default_keys_load parameter, caused by an insec...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...