CVE-2025-54004
Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through <= 6.7.24.
-
exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.
cvss
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0003
kev
no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1
Common Vulnerability Scoring System v3.1
2.6
/ 10
LOW
exploitability
Attack Vector
Network
Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.
Attack Complexity
High
Attack Complexity (AC:H): exploitation requires specific conditions outside the attacker's control (race condition, non-default config, etc).
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
Required
User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).
impact
Scope
Unchanged
Scope (S:U): impact limited to the vulnerable component.
Confidentiality
Low
Confidentiality (C:L): limited data exposure. some restricted information can be read.
Integrity
None
Integrity (I:N): no integrity impact.
Availability
None
Availability (A:N): no availability impact.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
activity density
rdintel assessment
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more