cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4960,https://securityvulnerability.io/vulnerability/CVE-2023-4960,Stored Cross-Site Scripting in WCFM Marketplace Plugin for WordPress,"The WCFM Marketplace plugin for WordPress contains a Stored Cross-Site Scripting vulnerability linked to the 'wcfm_stores' shortcode. This issue arises from inadequate sanitization and escaping of user-supplied data, allowing attackers with contributor-level permissions or higher to embed malicious web scripts. These scripts are executed in the browsers of users visiting the manipulated pages, posing serious security risks for both site administrators and users. Prompt action is required to mitigate these risks by updating to the latest plugin version.",Wordpress,WCFM Marketplace – Best Multivendor Marketplace for WooCommerce,5.4,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2024-01-11T08:33:09.984Z,0
CVE-2022-4936,https://securityvulnerability.io/vulnerability/CVE-2022-4936,Cross-Site Request Forgery Vulnerability in WCFM Marketplace Plugin for WordPress,"The WCFM Marketplace plugin for WordPress exposes users to a Cross-Site Request Forgery vulnerability due to inadequate nonce checks on various AJAX actions. This flaw permits unauthenticated attackers to exploit the system by sending forged requests. By tricking an administrator into executing certain actions, attackers can manipulate shipping methods, alter product details, delete posts, and potentially execute other harmful actions, posing significant risks to site integrity and security.",Wordpress,Wcfm Marketplace – Best Multivendor Marketplace For WooCommerce,6.3,MEDIUM,0.0017999999690800905,false,,false,false,false,,false,false,2023-04-05T17:27:54.412Z,0
CVE-2022-4935,https://securityvulnerability.io/vulnerability/CVE-2022-4935,Unauthorized Data Access in WCFM Marketplace Plugin for WordPress,"The WCFM Marketplace plugin for WordPress suffers from a critical security flaw that permits unauthorized modifications to data. This vulnerability stems from inadequate capability checks on various AJAX actions. As a result, attackers with minimal permissions, such as subscribers, can exploit this weakness to alter shipping methods, modify product details, delete arbitrary posts, and escalate privileges via specific AJAX functions. This significantly compromises the integrity of the affected installations and poses risks to sensitive data management.",Wordpress,Wcfm Marketplace – Best Multivendor Marketplace For WooCommerce,8.8,HIGH,0.0009500000160187483,false,,false,false,false,,false,false,2023-04-05T17:27:39.743Z,0
CVE-2021-24849,https://securityvulnerability.io/vulnerability/CVE-2021-24849,WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection,"The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections",Wordpress,Wcfm Marketplace – Best Multivendor Marketplace For WooCommerce,9.8,CRITICAL,0.04617999866604805,false,,false,false,false,,false,false,2021-12-21T08:45:32.000Z,0