CVE-2025-3780
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys
| Software | From | Fixed in |
|---|---|---|
| wclovers / frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible | - | 6.7.17 |
- https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.16/core/class-wcfm-admin.php#L74
- https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.16/core/class-wcfm-admin.php#L81
- https://www.wordfence.com/threat-intel/vulnerabilities/id/26a82493-a6a5-4d8e-8322-942925a54cc3?source=cve
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime