All 5 CVE vulnerabilities found in WCFM Membership – WooCommerce Memberships for Multivendor Marketplace, with AI-generated Chinese analysis, references, and POCs.
Vendor: wclovers
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15147 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment CWE-639 | 4.3 | Medium | 2026-02-09 |
| CVE-2023-2276 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change CWE-639 | 9.8 | Critical | 2023-05-20 |
| CVE-2022-4941 | WCFM Membership <= 2.9.10 - Cross-Site Request Forgery CWE-352 | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4940 | WCFM Membership <= 2.10.0 - Missing Authorization CWE-862 | 7.3 | High | 2023-04-05 |
| CVE-2022-4939 | WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation CWE-862 | 9.8 | Critical | 2023-04-05 |
All 5 known CVE vulnerabilities affecting WCFM Membership – WooCommerce Memberships for Multivendor Marketplace with full Chinese analysis, references, and POCs where available.