WCFM – Frontend Manager for WooCommerce

Vulnerabilities 11Slug wc-frontend-managerLatest version 6.7.27WordPress.org →

Minimum safe version

6.7.26

Update to 6.7.26 or later to address 11 fixable vulnerabilities

Latest available6.7.27 ✓

High 8.1

2026-05-02< 6.7.26

CVE-2026-2554

CVE EUVD Wordfence

N/A

2026-02-09< 6.7.25

WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update

Wordfence CVE

N/A

2026-04-03< 6.7.26

WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation

Wordfence CVE

Low 2.7

2025-12-16< 6.7.25

CVE-2025-54004

CVE Wordfence

Medium 6.5

2025-07-08< 6.7.17

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.7.16 is vulnerable to Broken Access Control

Patchstack Wordfence EUVD CVE

High 8.8

2024-09-25< 6.7.13

CVE-2024-8290

CVE Patchstack Wordfence

Medium 5.9

2024-03-27< 6.7.9

CVE-2024-29929

CVE Wordfence Patchstack WPScan

High 8.8

2023-04-06< 6.6.1

WordPress WCFM – Frontend Manager for WooCommerce Plugin 6.6.0 is vulnerable to Broken Access Control

Patchstack CVE Wordfence WPScan

High 8.8

2023-04-06< 6.6.0

WordPress WCFM – Frontend Manager for WooCommerce Plugin <= 6.5.13 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack CVE Wordfence WPScan

N/A

2022-02-19< 6.6.2

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.6.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Patchstack

High 8.8

2021-11-08< 6.5.12

CVE-2021-24835

CVE Patchstack Wordfence WPScan