HIGH
wclovers
CVE published 2026-07-08
CVE-2026-3688
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress has a vulnerability that allows authenticated attackers with vendor level access to change user roles. This is due to the 'wcfmvm_membership_change' AJAX action not validating user permission to modify other users. The vulnerability has a high CVSS score of 8.1 and is considered a high priority due to its potent [truncated]