Description
WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace version 2.9.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.10.0 or latest
References
Related Vulnerabilities
WordPress Plugin Browser Blocker Cross-Site Scripting (0.5.6)
WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-8005)
WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)