WCFM – Frontend Manager for WooCommerce

WC Lovers

Developer

6.7.27

Latest version

20,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

10 patched

5 Mitigation rules

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability
<= 6.7.25
03/04/2026
WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update vulnerability
<= 6.7.24
09/02/2026
Broken Access Control vulnerability
<= 6.7.24
15/12/2025
Missing Authorization to Unauthenticated Plugin Settings Modification vulnerability
<= 6.7.16
08/07/2025
Insecure Direct Object Reference to Account Takeover/Privilege Escalation vulnerability
<= 6.7.12
25/09/2024
Cross Site Scripting (XSS) vulnerability
<= 6.7.8
25/03/2024
Missing Authorization vulnerability
6.6.0
06/04/2023
Cross-Site Request Forgery vulnerability
<= 6.5.13
06/04/2023
Unauthenticated SQL Injection (SQLi) vulnerability
<= 6.6.1
19/02/2022
SQL Injection (SQLi) vulnerability
<= 6.5.11
11/10/2021