WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible, CVE-2021-24835
- CVE, Research URL
- Home page URL
- Application
-
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
- Published on
- Nov 08, 2021
- Research Description
- The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
- Affected versions
-
Min -, max 6.6.2.
- Status
-
vulnerable