wclovers — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting wclovers. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wclovers is a software component primarily used for content management and web application development, with 18 CVEs documenting its security history. Common vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. The component has faced multiple critical vulnerabilities that allowed attackers to bypass authentication or execute arbitrary code, particularly in versions prior to 2020. Security researchers have noted inconsistent patching practices and delayed remediation timelines for some issues. While recent versions show improved security controls, the historical vulnerability pattern suggests developers should implement strict input validation and keep implementations current to mitigate risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2554 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion | WCFM – Frontend Manager for WooCommerce | CWE-639 | 8.1 | High | 2026-05-02 |
| CVE-2026-4896 | WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation | WCFM – Frontend Manager for WooCommerce | CWE-639 | 8.1 | High | 2026-04-04 |
| CVE-2026-1722 | WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation | WCFM Marketplace – Multivendor Marketplace for WooCommerce | CWE-862 | 5.3 | Medium | 2026-02-10 |
| CVE-2025-15147 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | CWE-639 | 4.3 | Medium | 2026-02-09 |
| CVE-2026-0845 | WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update | WCFM – Frontend Manager for WooCommerce | CWE-862 | 7.2 | High | 2026-02-09 |
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorization to Unauthenticated Plugin Settings Modification | WCFM – Frontend Manager for WooCommerce | CWE-862 | 6.5 | Medium | 2025-07-08 |
| CVE-2025-1311 | WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection | WCFM – Multivendor Marketplace REST API for WooCommerce | CWE-89 | 6.5 | Medium | 2025-03-22 |
| CVE-2024-8290 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation | WCFM – Frontend Manager for WooCommerce | CWE-639 | 8.8 | High | 2024-09-25 |
| CVE-2023-4960 | WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | WCFM Marketplace – Multivendor Marketplace for WooCommerce | CWE-79 | 6.4 | Medium | 2024-01-11 |
| CVE-2023-2275 | WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API | WCFM – Multivendor Marketplace REST API for WooCommerce | CWE-862 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2276 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | CWE-639 | 9.8 | Critical | 2023-05-20 |
| CVE-2022-4941 | WCFM Membership <= 2.9.10 - Cross-Site Request Forgery | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | CWE-352 | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4940 | WCFM Membership <= 2.10.0 - Missing Authorization | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | CWE-862 | 7.3 | High | 2023-04-05 |
| CVE-2022-4939 | WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | CWE-862 | 9.8 | Critical | 2023-04-05 |
| CVE-2022-4938 | WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery | WCFM – Frontend Manager for WooCommerce | CWE-352 | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4937 | WordPress plugin Frontend Manager security vulnerability | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4936 | WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery | WCFM Marketplace – Multivendor Marketplace for WooCommerce | CWE-352 | 6.3 | Medium | 2023-04-05 |
| CVE-2022-4935 | WCFM Marketplace <= 3.4.11 - Missing Authorization | WCFM Marketplace – Multivendor Marketplace for WooCommerce | CWE-89 | 8.8 | High | 2023-04-05 |

This page lists every published CVE security advisory associated with wclovers. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.