The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvm_membership_change' AJAX action not validating user permission to modify other users. This makes it possible for authenticated attackers, with vendor level access and above, to change any user's role to 'wcfm_vendor' by changing their membership plan.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wclovers
Wclovers wcfm Membership – Woocommerce Memberships For Multivendor Marketplace Wordpress Wordpress wordpress |
|
| Vendors & Products |
Wclovers
Wclovers wcfm Membership – Woocommerce Memberships For Multivendor Marketplace Wordpress Wordpress wordpress |
Wed, 08 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvm_membership_change' AJAX action not validating user permission to modify other users. This makes it possible for authenticated attackers, with vendor level access and above, to change any user's role to 'wcfm_vendor' by changing their membership plan. | |
| Title | WCFM - WooCommerce Multivendor Membership <= 2.11.10 - Insecure Direct Object Reference to Limited Privilege Escalation via User Role Overwrite | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published: 2026-07-08T11:35:40.708Z
Updated: 2026-07-08T15:01:02.908Z
Reserved: 2026-03-06T23:43:39.850Z
Link: CVE-2026-3688
Updated: 2026-07-08T15:00:58.906Z
No data.
No data.