Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/09 11:23 p.m.6 views

CVE-2025-15147

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...

4.3CVSS5.5AI score0.00256EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-52194

Malicious code in bioql PyPI...

7.3CVSS7.2AI score0.01084EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52195

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00321EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 8:23 p.m.14 views

CVE-2022-4939

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS6.8AI score0.02099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:22 p.m.9 views

CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

7.3CVSS6.6AI score0.01084EPSS
Exploits0References1
OSV
OSV
added 2023/04/05 7:15 p.m.4 views

CVE-2022-4939

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.02099EPSS
Exploits0References2
NVD
NVD
added 2023/04/05 7:15 p.m.32 views

CVE-2022-4941

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

8.8CVSS6.7AI score0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/05 6:0 p.m.14 views

CVE-2022-4941 WCFM Membership <= 2.9.10 - Cross-Site Request Forgery

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

6.3CVSS7.2AI score0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/05 6:0 p.m.8 views

CVE-2022-4940 WCFM Membership <= 2.10.0 - Missing Authorization

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such ...

7.3CVSS6.8AI score0.01084EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/05 6:0 p.m.12 views

CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS7.2AI score0.02099EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.10 views

PT-2023-18684 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress versions up to, and including, 2.10.7 Description: The issue is related to Insecure Direct Object References, which allows user-controlled access to...

9.8CVSS9.3AI score0.01093EPSS
Exploits0References9
Rows per page
Query Builder