CVE-2025-3780
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-07-17
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wclovers | frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible | to 6.7.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WCFM β Frontend Manager for WooCommerce and Bookings Subscription Listings Compatible plugin for WordPress. It is caused by a missing capability check in the wcfm_redirect_to_setup function, allowing unauthenticated attackers to view and modify plugin settings, including sensitive information like payment details and API keys.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized attackers to access and change critical plugin settings without authentication. This can lead to exposure or manipulation of payment details and API keys, potentially resulting in financial loss, data breaches, or further compromise of the affected WordPress site.