WordPress Plugin Vulnerabilities

WCFM Marketplace <= 3.6.17 - Missing Authorization

Description

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.6.17. This makes it possible for authenticated attackers, with store vendor-level access and above, to perform an unauthorized action.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
benzdeus
Verified
No

Timeline

Publicly Published
2025-12-15 (about 6 months ago)
Added
2025-12-19 (about 6 months ago)
Last Updated
2026-07-01 (about 3 days ago)

Other