2 matches found
WordPress WCFM – Frontend Manager for WooCommerce Plugin 6.6.0 is vulnerable to Broken Access Control
Software WCFM – Frontend Manager for WooCommerce Type Plugin Vulnerable versions 6.6.0 Fixed in 6.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-4937 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 5a74a2e3561b Credits Chloe...
CVE-2022-4937
CVE-2022-4937 affects the WCFM Frontend Manager plugin for WordPress. The root cause is missing capability checks on numerous AJAX actions, enabling authenticated users with minimal privileges (e.g., subscribers) to modify data across knowledge bases, notices, payments, vendors, and more. The iss...