3 matches found
WordPress WCFM Marketplace Plugin <= 3.4.11 is vulnerable to Broken Access Control
Software WCFM Marketplace Type Plugin Vulnerable versions = 3.4.11 Fixed in 3.4.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4935 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f99e67f24d Credits Chloe Chamberland Require...
CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
CVE-2022-4935
CVE-2022-4935 affects the WordPress plugin “WCFM Marketplace” up to version 3.4.11. The root cause is missing capability checks on various AJAX actions, enabling authenticated users with low privileges (e.g., subscribers) to perform actions like modifying shipping method details, modifying produc...