Wclovers Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Wclovers Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible.
By the Year
In 2026 there have been 0 vulnerabilities in Wclovers Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible. Last year, in 2025 Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible had 1 security vulnerability published. Right now, Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 6.50 |
| 2024 | 1 | 8.80 |
| 2023 | 2 | 7.55 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 9.30 |
It may take a day or so for new Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Wclovers Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible Security Vulnerabilities
Unauth data modification in WCFM Frontend Manager <=6.7.16
CVE-2025-3780
6.5 - Medium
- July 09, 2025
The WCFM Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys
AuthZ
IDOR via Missing ID Validation in WCFM Frontend Manager <= 6.7.12
CVE-2024-8290
8.8 - High
- September 25, 2024
The WCFM Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.
Insecure Direct Object Reference / IDOR
WCFM Frontend Manager WP Plugin v6.6.0 AJAX CSRF Unauth Requests
CVE-2022-4938
6.3 - Medium
- April 05, 2023
The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.
Session Riding
WCFM Frontend Manager plugin (6.6.0) Auth AJAX Endpoint Mispermission
CVE-2022-4937
8.8 - High
- April 05, 2023
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.
AuthZ
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12
CVE-2021-24849
9.8 - Critical
- December 21, 2021
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
SQL Injection
The WCFM â Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement
CVE-2021-24835
8.8 - High
- November 08, 2021
The WCFM â Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Wclovers Frontend Manager Woocommerce Along With Bookings Subscription Listings Compatible or by Wclovers? Click the Watch button to subscribe.
