CVE-2025-15147 – WCFM Membership – WooCommerce Memberships for Multivendor Marketplace

CVE ID : CVE-2025-15147

Published : Feb. 9, 2026, 11:23 p.m. | 58 minutes ago

Description : The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the ‘WCFMvm_Memberships_Payment_Controller::processing’ due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify other users’ membership payments.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-24328 – Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

CVE-2026-24327 – Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)

CVE-2026-24326 – Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

CVE-2026-24325 – Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)