5 matches found
CVE-2026-1722
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
PT-2026-7240
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...
Threat Outbreak Alert RuleID22419: Email Messages Distributing Malicious Software on April 22, 2016
Medium Alert ID: 44790 First Published: 2016 April 22 13:48 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID22419 may contain the following files: Name | Si...
Threat Outbreak Alert: Fake Refund Form Notification Email Messages on February 11, 2014.
Medium Alert ID: 32820 First Published: 2014 February 13 17:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain a refund form for the recipient. The text in the email message attempts to convince the...