Vulnerabilities > Wclovers > Frontend Manager FOR Woocommerce Along With Bookings Subscription Listings Compatible > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-21	CVE-2021-24849	Unspecified vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections network low complexity wclovers critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.