Frontend Manager for WooCommerce
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-24835 | Hig | 0.57 | 8.8 | 0.01 | Nov 8, 2021 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the… | ||
| CVE-2024-8290 | Hig | 0.50 | 8.8 | 0.01 | Sep 25, 2024 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function… | ||
| CVE-2025-3780 | Med | 0.42 | 6.5 | 0.00 | Jul 9, 2025 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and… | ||
| CVE-2026-0845 | Hig | 0.40 | 7.2 | 0.00 | Feb 10, 2026 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the… | ||
| CVE-2026-22335 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. |
- risk 0.57cvss 8.8epss 0.01
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the…
- risk 0.50cvss 8.8epss 0.01
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function…
- risk 0.42cvss 6.5epss 0.00
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and…
- risk 0.40cvss 7.2epss 0.00
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the…
- CVE-2026-22335Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.