Vulnerabilities > Wclovers > Wcfm Marketplace > 1.0.4

DATE CVE VULNERABILITY TITLE RISK
2024-01-11 CVE-2023-4960 Cross-site Scripting vulnerability in Wclovers Wcfm Marketplace
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wclovers CWE-79
5.4
5.4
2023-04-05 CVE-2022-4935 Missing Authorization vulnerability in Wclovers Wcfm Marketplace
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions.
network
low complexity
wclovers CWE-862
8.8
8.8
2023-04-05 CVE-2022-4936 Unspecified vulnerability in Wclovers Wcfm Marketplace
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions.
network
low complexity
wclovers
8.8
8.8