All 4 CVE vulnerabilities found in WCFM Marketplace – Multivendor Marketplace for WooCommerce, with AI-generated Chinese analysis, references, and POCs.
Vendor: wclovers
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1722 | WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation CWE-862 | 5.3 | Medium | 2026-02-10 |
| CVE-2023-4960 | WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 | 6.4 | Medium | 2024-01-11 |
| CVE-2022-4936 | WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery CWE-352 | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4935 | WCFM Marketplace <= 3.4.11 - Missing Authorization CWE-89 | 8.8 | High | 2023-04-05 |
All 4 known CVE vulnerabilities affecting WCFM Marketplace – Multivendor Marketplace for WooCommerce with full Chinese analysis, references, and POCs where available.