- EPSS 0.02%
- Veröffentlicht 16.12.2025 08:12:50
- Zuletzt bearbeitet 16.12.2025 14:10:11
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.6.15.
CVE-2024-44009
- EPSS 0.3%
- Veröffentlicht 17.09.2024 23:15:19
- Zuletzt bearbeitet 24.09.2024 22:06:15
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10.
CVE-2023-4960
- EPSS 0.16%
- Veröffentlicht 11.01.2024 09:15:46
- Zuletzt bearbeitet 03.06.2025 14:15:32
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This ma...
CVE-2022-4935
- EPSS 0.07%
- Veröffentlicht 05.04.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 07:36:17
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attack...
CVE-2022-4936
- EPSS 0.08%
- Veröffentlicht 05.04.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 07:36:17
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide...