cleantalk
Vulnerabilities and Security Researches

WCFM Marketplace – Best Multivendor Marketplace for WooCommerce, CVE-2025-63029

CVE, Research URL

CVE-2025-63029

Home page URL

Security reports for WCFM Marketplace – Best Multivendor Marketplace for WooCommerce

Application

WCFM Marketplace – Best Multivendor Marketplace for WooCommerce

Published on
Apr 15, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.
Affected versions
max 3.7.1.
Status
vulnerable
Previous vulnerability researches
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2025-63029) , Jun 14, 2026
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2024-44009) , Sep 19, 2024
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2026-1722) , Apr 15, 2026
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2022-4936) , Jun 07, 2024
WCFM Marketplace &#8211; Best Multivendor Marketplace for WooCommerce (CVE-2022-4935) , Jun 07, 2024
New vulnerability
FAQ Manager For Divi, Gutenberg Block &amp; Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress &#8211; Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026
Docket Cache &#8211; Object Cache Accelerator (CVE-2026-22492) , Jun 14, 2026
Advanced Classifieds &amp; Directory Pro (CVE-2023-33999) , Jun 14, 2026
Display Eventbrite Events (CVE-2023-33999) , Jun 14, 2026