What the vulnerability does
01 Description
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce (wc-frontend-manager) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
Explanation of Vulnerability in Simple Terms
02 Summary
WCFM – Frontend Manager for WooCommerce versions up to 6.7.24 contain an authorization bypass that allows high-privilege users to cause a denial of service. The vulnerability stems from missing authorization checks on certain administrative functions. An attacker with high-level site access can trigger the flaw to temporarily disrupt site availability.
What an attacker can do
03 Attacker Capabilities
Cause temporary unavailability of the site by triggering a denial-of-service condition.
Potential impact on your site
04 Site Impact
Site administrators or malicious insiders can temporarily take the site offline without leaving obvious audit trails.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level administrative privileges on the WordPress site.
Key dates
06 Disclosure timeline
December 16, 2025: CVE published
April 28, 2026: Record updated