Primary

Context

WCFM Frontend Manager for WooCommerce Unauthenticated Settings Modification Vulnerability

Vulnerability

Patched

A vulnerability exists in the WCFM Frontend Manager for WooCommerce plugin, specifically in versions through 6.7.16, that allows unauthenticated users to modify plugin settings. This issue arises from a missing capability check in the 'wcfm_redirect_to_setup' function, enabling unauthorized changes to sensitive information such as payment details and API keys.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin settings, including sensitive payment information and API keys.

Remediation

Users are advised to update the plugin to version 6.7.17 or a newer patched version.

Added: Jul 9, 2025, 2:02 AM

Updated: Jul 9, 2025, 2:02 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

8.2

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.0

exploitability

8.2

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WCFM Frontend Manager for WooCommerce Unauthenticated Settings Modification Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WCFM – Frontend Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating