Wclovers Wcfm Marketplace – Multivendor Marketplace For Woocommerce
4 CVEs affecting Wclovers Wcfm Marketplace – Multivendor Marketplace For Woocommerce. Latest disclosed: 2026-02-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-4935 | High | 8.8 | 2023-04-05 | The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing… |
CVE-2023-4960 | Medium | 6.4 | 2024-01-11 | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due… |
CVE-2022-4936 | Medium | 6.3 | 2023-04-05 | The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on v… |
CVE-2026-1722 | Medium | 5.3 | 2026-02-10 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, an… |