WCFM Marketplace – Multivendor Marketplace for WooCommerce

Vulnerabilities 8Slug wc-multivendor-marketplaceLatest version 3.7.2WordPress.org →

Minimum safe version

3.7.1

Update to 3.7.1 or later to address 6 fixable vulnerabilities

Latest available3.7.2 ✓⚠ 2 vulnerabilities have no fix

High 7.6 Unfixed

2026-04-15≤ 3.7.1

WordPress WCFM Marketplace plugin <= 3.7.1 - SQL Injection vulnerability

N/A

2026-02-09< 3.7.1

WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

Medium 4.9 Unfixed

2025-12-16≤ 3.7.1

CVE-2025-64631

High 7.1

2024-09-17< 3.6.12

CVE-2024-44009

Medium 5.4

2024-01-11< 3.6.3

CVE-2023-4960

High 8.8

2023-04-06< 3.4.12

WordPress WCFM Marketplace Plugin <= 3.4.11 is vulnerable to Broken Access Control

High 8.8

2023-04-06< 3.5.0

WordPress WCFM Marketplace Plugin <= 3.4.12 is vulnerable to Cross Site Request Forgery (CSRF)

Critical 9.8

2021-12-21< 3.4.12

CVE-2021-24849