CVE-2025-15147 | WCFM Membership Plugin up to 2.11.8 on WordPress processing resource injection

Inserito da Angelo Barbosa | Feb 9, 2026 | CVE

A vulnerability was found in WCFM Membership Plugin up to 2.11.8 on WordPress and classified as problematic. Affected is the function WCFMvm_Memberships_Payment_Controller::processing. Executing a manipulation can lead to improper control of resource identifiers.

This vulnerability is tracked as CVE-2025-15147. The attack can be launched remotely. No exploit exists.

CVE-2025-15147 | WCFM Membership Plugin up to 2.11.8 on WordPress processing resource injection

Post correlati

CVE-2024-32977 | OctoPrint up to 1.10.0 authentication spoofing (GHSA-2vjq-hg5w-5gm7)

CVE-2024-9461 | Total Upkeep Plugin up to 1.16.6 on WordPress Backup Setting Privilege Escalation

CVE-2025-66626 | argoproj argo-workflows ZIP File path traversal

CVE-2024-5467 | Zoho ManageEngine ADAudit Plus up to 8120 Account Lockout Report sql injection