Frontend Manager for WooCommerce

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-4896	WordPress Wc Frontend Manager	Hig	0.53	8.1	0.00	Apr 4, 2026	The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`,…
CVE-2026-0845	WCFM Frontend Manager for WooCommerce	Hig	0.40	7.2	0.00	Feb 10, 2026	The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the…
CVE-2025-54004	WCFM Frontend Manager for WooCommerce	Low	0.18	2.7	0.00	Dec 16, 2025	Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
CVE-2024-8290	WCFM Frontend Manager for WooCommerce		0.00	—	0.01	Sep 25, 2024	The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function…

CVE-2026-4896HigApr 4, 2026
WordPress
Wc Frontend Manager
risk 0.53cvss 8.1epss 0.00
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`,…
CVE-2026-0845HigFeb 10, 2026
WCFM
Frontend Manager for WooCommerce
risk 0.40cvss 7.2epss 0.00
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the…
CVE-2025-54004LowDec 16, 2025
WCFM
Frontend Manager for WooCommerce
risk 0.18cvss 2.7epss 0.00
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
CVE-2024-8290Sep 25, 2024
WCFM
Frontend Manager for WooCommerce
risk 0.00cvss —epss 0.01
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function…