AJAX

Vendor IDOR in WCFM Frontend Manager for WooCommerce

WCFM Frontend Manager for WooCommerce is the dashboard lots of multi-vendor marketplaces sit on top of. It gives each vendor a front-end area to manage their own products, orders and content without ever touching wp-admin. Versions up to and including 6.7.25 had a set of matching authorisation bugs in that dashboard that let any logged-in vendor reach well beyond their own shop. CVE-2026-4896 covers the lot.

6 April 2026


Missing Authorisation in Product Filter for WooCommerce Lets Anyone Delete Your Filter Data

Product Filter for WooCommerce: unauthorised attackers can delete all filter configurations. Learn about CVE-2026-3138 and protect your store now.

2 April 2026


Unauthenticated Privilege Escalation in User Registration plugin

There's a critical unauthenticated privilege escalation vulnerability in the User Registration & Membership WordPress plugin.

31 March 2026
