PatchSiren

wclovers CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH wclovers CVE published 2026-07-08

CVE-2026-3688

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress has a vulnerability that allows authenticated attackers with vendor level access to change user roles. This is due to the 'wcfmvm_membership_change' AJAX action not validating user permission to modify other users. The vulnerability has a high CVSS score of 8.1 and is considered a high priority due to its potent [truncated]