| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-0845 | WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update | wclovers | WCFM – Frontend Manager for WooCommerce | High | 7.2 | 2026-02-09 23:23:28 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification | wclovers | WCFM – Frontend Manager for WooCommerce | Medium | 6.5 | 2025-07-08 23:22:49 | Deep Dive |
| CVE-2024-8290 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation | wclovers | WCFM – Frontend Manager for WooCommerce | High | 8.8 | 2024-09-25 06:49:01 | Deep Dive |
| CVE-2024-31117 | WordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerability | Moises Heberle | WooCommerce Bookings Calendar | Medium | 6.5 | 2024-03-31 18:51:17 | Deep Dive |
| CVE-2023-32747 | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Bookings | Medium | 5.4 | 2023-12-21 18:18:28 | Deep Dive |
| CVE-2023-47787 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | WooCommerce Bookings | Medium | 4.3 | 2023-12-18 15:30:52 | Deep Dive |
| CVE-2022-4938 | WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery | wclovers | WCFM – Frontend Manager for WooCommerce | Medium | 6.3 | 2023-04-05 17:40:32 | Deep Dive |
| CVE-2022-4937 | WordPress plugin Frontend Manager 安全漏洞 | wclovers | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | Medium | 6.3 | 2023-04-05 17:40:18 | Deep Dive |
| CVE-2021-24835 | WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection | Unknown | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | 高危 | - | 2021-11-08 17:35:31 | Deep Dive |