PT-2023-15921 · WordPress · Wcfm Marketplace

Chloe Chamberland · Published 2023-04-05 · Updated 2023-04-11

CVE-2022-4935 · CVSS v3.1 8.8 (High) · Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress, versions up to and including 3.4.11

Description: The issue allows authenticated attackers with minimal permissions to perform various privileged actions, including modifying shipping method details, modifying products, deleting arbitrary posts, and escalating privileges via the "wp ajax wcfm vendor store online" AJAX action. The root cause is missing capability checks on several AJAX actions: the handlers run for any logged-in user without verifying that the user is allowed to perform the requested operation.

Recommendations: For versions up to and including 3.4.11, update to a version that includes the necessary capability checks to prevent unauthorized modification and access of data.
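The bug class described above, as an added illustration that is not the plugin's own code: a WordPress `wp_ajax_*` handler that trusts any authenticated user, beside a hardened form that verifies a nonce and checks the user's capability against the specific post before changing anything. The hook names, the `example_` function names and the request fields are assumptions; `check_ajax_referer`, `current_user_can`, `wp_update_post` and `wp_send_json_*` are WordPress core functions.

```php
<?php
// Added illustration of the "missing capability check on an AJAX action"
// pattern. Not the plugin's code; hook and function names are hypothetical.

// VULNERABLE: wp_ajax_* hooks fire for any logged-in user. With no capability
// check, a low-privileged account can update any post it names by ID.
add_action( 'wp_ajax_example_update_product', 'example_update_product_vulnerable' );
function example_update_product_vulnerable() {
    $post_id = absint( $_POST['product_id'] ?? 0 );
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    // Sanitization alone does not establish authorization: the input is
    // well-formed, but nothing asks whether THIS user may edit THIS post.
    wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ) );
    wp_send_json_success();
}

// HARDENED: verify the nonce (CSRF protection), then check the capability
// against the target object. Both checks happen before any state change.
add_action( 'wp_ajax_example_update_product_safe', 'example_update_product_safe' );
function example_update_product_safe() {
    // Terminates the request (HTTP 403) when the nonce is missing or invalid.
    check_ajax_referer( 'example_update_product', 'nonce' );

    $post_id = absint( $_POST['product_id'] ?? 0 );
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    // 'edit_post' is a meta capability: WordPress maps it to the primitive
    // capabilities of the post's type and ownership, so an account can only
    // modify posts it is actually allowed to edit.
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Second argument = true makes wp_update_post() return a WP_Error on failure
    // instead of 0, so the caller can report it rather than silently succeed.
    $result = wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ), true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }
    wp_send_json_success( array( 'id' => $result ) );
}

// The nonce checked above is issued where the request originates, e.g.
// wp_create_nonce( 'example_update_product' ), and sent as the "nonce" field.
```

When auditing a plugin for this class of issue, list every `add_action( 'wp_ajax_...' )` registration and confirm that each handler performs an object-level capability check before its first write.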

Fix

Weakness Enumeration: SQL injection, Missing Authorization

Related Identifiers: CVE-2022-4935

Affected Products: Wcfm Marketplace