VulnerAlert



WORDPRESS
17-07-2025 14:11

CVE-2025-3780 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#plugin
#data
#woocommerce
#list
#attackers
#authenticated
#vulnerable
#attack
#unauthorized
Descripción
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin WordPress is vulnerable to unauthorized modification of data due a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible unauthenticated attackers view modify settings, including payment details API keys
https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.16/core/class-wcfm-admin.php#L74
https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.16/core/class-wcfm-admin.php#L81
https://www.wordfence.com/threat-intel/vulnerabilities/id/26a82493-a6a5-4d8e-8322-942925a54cc3?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-3780
Resultados similares
Coincidentes en almenos en 50% de los tags
17-07-2025 CVE-2025-5678
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vu...
Ver información
17-07-2025 CVE-2025-4302
The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por