Vulnerabilities for Frontend manager for woocommerce along with bookings subscription listings compatible (...) - CXSECURITY.COM

Vulnerabilities for
'Frontend manager for woocommerce along with bookings subscription listings compatible'

2021-12-21

CVE-2021-24849

CWE-89

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections

2021-11-08

CVE-2021-24835

CWE-89

The WCFM ??�??�?? Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks

Copyright 2024, cxsecurity.com