A vulnerability categorized as critical has been discovered in wclovers WCFM Plugin up to 6.7.27 on WordPress. Impacted is an unknown function of the component Product Archive. Such manipulation leads to improper control of resource identifiers.
This vulnerability is documented as CVE-2026-10041. The attack can be executed remotely. There is not any exploit available.