Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wclovers — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting wclovers. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by wclovers:WCFM – Frontend Manager for WooCommerceWCFM Membership – WooCommerce Memberships for Multivendor MarketplaceWCFM Marketplace – Multivendor Marketplace for WooCommerceWCFM – Multivendor Marketplace REST API for WooCommerceWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
CVE IDTitleCVSSSeverityPublished
CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation — WCFM – Frontend Manager for WooCommerceCWE-639 8.1 High2026-04-04
CVE-2026-1722 WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-862 5.3 Medium2026-02-10
CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-639 4.3 Medium2026-02-09
CVE-2026-0845 WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update — WCFM – Frontend Manager for WooCommerceCWE-862 7.2 High2026-02-09
CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification — WCFM – Frontend Manager for WooCommerceCWE-862 6.5 Medium2025-07-08
CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection — WCFM – Multivendor Marketplace REST API for WooCommerceCWE-89 6.5 Medium2025-03-22
CVE-2024-8290 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation — WCFM – Frontend Manager for WooCommerceCWE-639 8.8 High2024-09-25
CVE-2023-4960 WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-79 6.4 Medium2024-01-11
CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API — WCFM – Multivendor Marketplace REST API for WooCommerceCWE-862 4.3 Medium2023-06-09
CVE-2023-2276 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-639 9.8 Critical2023-05-20
CVE-2022-4941 WCFM Membership <= 2.9.10 - Cross-Site Request Forgery — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-352 6.3 Medium2023-04-05
CVE-2022-4940 WCFM Membership <= 2.10.0 - Missing Authorization — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-862 7.3 High2023-04-05
CVE-2022-4939 WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation — WCFM Membership – WooCommerce Memberships for Multivendor MarketplaceCWE-862 9.8 Critical2023-04-05
CVE-2022-4938 WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery — WCFM – Frontend Manager for WooCommerceCWE-352 6.3 Medium2023-04-05
CVE-2022-4937 WordPress plugin Frontend Manager 安全漏洞 — WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 6.3 Medium2023-04-05
CVE-2022-4936 WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-352 6.3 Medium2023-04-05
CVE-2022-4935 WCFM Marketplace <= 3.4.11 - Missing Authorization — WCFM Marketplace – Multivendor Marketplace for WooCommerceCWE-89 8.8 High2023-04-05

This page lists every published CVE security advisory associated with wclovers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.