cleantalk
Vulnerabilities and Security Researches

WCFM Marketplace – Best Multivendor Marketplace for WooCommerce, CVE-2021-24849

CVE, Research URL

CVE-2021-24849

Home page URL

Security reports for WCFM Marketplace – Best Multivendor Marketplace for WooCommerce

Application

WCFM Marketplace – Best Multivendor Marketplace for WooCommerce

Published on
Dec 21, 2021
Research Description
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
Affected versions
max 3.4.12.
Status
vulnerable
Previous vulnerability researches
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2024-44009) , Sep 19, 2024
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2026-1722) , Apr 15, 2026
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2022-4936) , Jun 07, 2024
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2022-4935) , Jun 07, 2024
WCFM Marketplace – Best Multivendor Marketplace for WooCommerce (CVE-2021-24849) , Jun 07, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026