On August 28th, 2024, we received a submission for a Privilege Escalation via Account Takeover vulnerability in WCFM – WooCommerce Frontend Manager, a WordPress plugin with more than 20,000 active installations. This vulnerability makes it possible for an authenticated attacker to change the email of any user, including an administrator, which allows them to reset the password and take over the account and website.
The post 20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM – WooCommerce Frontend Manager WordPress Plugin appeared first on Wordfence.