WCFM Marketplace
WC Lovers
Developer
3.7.1
Latest version
10,000
Installations
No date
Last updated
Vulnerability history
1 present
6 patched
3 Mitigation rules
- Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation vulnerability<= 3.7.009/02/2026
- Broken Access Control vulnerability<= 3.7.115/12/2025
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.6.1116/09/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.6.227/11/2023
- Missing Authorization vulnerability<= 3.4.1106/04/2023
- Cross-Site Request Forgery vulnerability<= 3.4.1206/04/2023
- Unauthenticated SQL Injection (SQLi) vulnerability<= 3.4.1122/11/2021