Tag

Woocommerce

4 briefs RSS

WordPress WCFM Plugin Vulnerable to IDOR Leading to Account Deletion

The WCFM plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) that allows authenticated attackers with Vendor-level access or higher to delete arbitrary users, including administrators.

WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin <= 6.7.25 idor wordpress woocommerce account-deletion

2r 1t 1c 2d ago

high advisory

WooCommerce Ajax Product Filter Plugin Vulnerable to SQL Injection (CVE-2026-3396)

2 rules 1 TTP 1 CVE

The WCAPF - WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection (CVE-2026-3396) due to insufficient escaping and SQL query preparation, allowing unauthenticated attackers to extract sensitive information from the database in versions up to 4.2.3.

woocommerce sqli cve-2026-3396 wordpress plugin

2r 1t 1c 3w ago

high advisory

Product Feed PRO for WooCommerce Plugin CSRF Vulnerability (CVE-2026-3499)

3 rules 1 TTP 1 CVE

The Product Feed PRO for WooCommerce WordPress plugin (versions 13.4.6-13.5.2.1) is vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing unauthenticated attackers to perform administrative actions by tricking an administrator into clicking a malicious link.

wordpress woocommerce csrf cve-2026-3499

3r 1t 1c 3w ago

critical advisory

ReviewX WordPress Plugin Arbitrary Method Call Vulnerability

2 rules 1 TTP

The ReviewX WordPress plugin is vulnerable to arbitrary method calls, allowing unauthenticated attackers to potentially achieve remote code execution.

wordpress woocommerce reviewx rce vulnerability

2r 1t Mar 24, 2026