cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4938,https://securityvulnerability.io/vulnerability/CVE-2022-4938,Cross-Site Request Forgery Vulnerability in WCFM Frontend Manager for WordPress,"The WCFM Frontend Manager plugin for WordPress has a Cross-Site Request Forgery vulnerability due to insufficient nonce checks on multiple AJAX actions. This flaw allows unauthenticated attackers to exploit the system by tricking site administrators into performing unintended actions through manipulated requests. Attackers could modify various aspects of the site, including knowledge bases, notices, payments, and vendor management, thereby compromising site integrity. This vulnerability affects numerous AJAX endpoints within the affected versions, emphasizing the need for prompt remediation.",Wordpress,Wcfm – Frontend Manager For WooCommerce Along With Bookings Subscription Listings Compatible,6.3,MEDIUM,0.0017999999690800905,false,,false,false,false,,false,false,2023-04-05T17:40:31.804Z,0
CVE-2022-4937,https://securityvulnerability.io/vulnerability/CVE-2022-4937,Unauthorized Data Modification in WCFM Frontend Manager Plugin for WordPress,"The WCFM Frontend Manager plugin for WordPress exhibits a significant vulnerability due to insufficient capability checks on multiple AJAX actions. This issue permits authenticated users with lower-level permissions, such as subscribers, to access sensitive functionalities like modifying knowledge bases, notices, payments, and vendor management. The vulnerability impacts numerous AJAX endpoints, exposing a wide array of critical controls to potential misuse.",Wordpress,Wcfm – Frontend Manager For WooCommerce Along With Bookings Subscription Listings Compatible,6.3,MEDIUM,0.0017999999690800905,false,,false,false,false,,false,false,2023-04-05T17:40:18.027Z,0
CVE-2021-24835,https://securityvulnerability.io/vulnerability/CVE-2021-24835,WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection,"The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks",Wordpress,Wcfm – Frontend Manager For WooCommerce Along With Bookings Subscription Listings Compatible,8.8,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-11-08T17:35:31.000Z,0