cleantalk
Vulnerabilities and Security Researches

WCFM Membership – WooCommerce Memberships for Multivendor Marketplace, CVE-2022-4941

CVE, Research URL

CVE-2022-4941

Home page URL

Security reports for WCFM Membership – WooCommerce Memberships for Multivendor Marketplace

Application

WCFM Membership – WooCommerce Memberships for Multivendor Marketplace

Published on
Apr 06, 2023
Research Description
The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.
Affected versions
max 2.10.1.
Status
vulnerable
Previous vulnerability researches
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace (CVE-2025-15147) , Feb 27, 2026
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace (CVE-2023-2276) , Jun 06, 2024
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace (CVE-2022-4939) , Jun 06, 2024
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace (CVE-2022-4940) , Jun 06, 2024
WCFM Membership – WooCommerce Memberships for Multivendor Marketplace (CVE-2022-4941) , Jun 06, 2024
New vulnerability
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2026-25019) , Feb 27, 2026
Visual Website Collaboration, Feedback & Project Management – Atarim (CVE-2025-67993) , Feb 27, 2026
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2026-24965) , Feb 27, 2026
Nelio AB Testing (CVE-2026-25378) , Feb 27, 2026
VK All in One Expansion Unit (CVE-2025-11737) , Feb 27, 2026