MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution

Information

Software Type Plugin
Software Slug dc-woocommerce-multi-vendor (view on wordpress.org)
Software Status Active
Software Author wcmp
Software Website multivendorx.com
Software Downloads 847,713
Software Active Installs 5,000
Software Record Last Updated November 21, 2024

18 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover Patched CVE-2024-8289 9.8 wesley (wcraft) September 3, 2024
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery Patched CVE-2022-2657 8.8 moumitahalder August 4, 2022
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization Patched CVE-2024-24703 8.6 Le Ngoc Anh January 31, 2024
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission' Patched 8.6 September 12, 2023
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion Patched 8.2 WPScanTeam August 15, 2022
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Arbitrary Vendor Deletion Patched CVE-2024-8289 7.5 wesley (wcraft) September 3, 2024
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages Patched CVE-2023-51355 7.5 thiennv December 26, 2023
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions Patched CVE-2022-2657 7.3 WPScanTeam August 15, 2022
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter Patched CVE-2024-5259 6.4 stealthcopter June 5, 2024
WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-30433 6.4 LVT-tholv2k March 28, 2024
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates Patched CVE-2024-9943 6.3 wesley (wcraft) October 23, 2024
WC Marketplace <= 4.1.17 - Reflected Cross-Site Scripting Patched CVE-2024-43213 6.1 LVT-tholv2k August 9, 2024
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting Patched 6.1 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting Patched 6.1 WPScanTeam December 6, 2021
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending Patched CVE-2024-9531 4.3 Tieu Pham Trong Nhan October 23, 2024
WC Marketplace <= 4.1.3 - Missing Authorization Patched CVE-2024-31304 4.3 LVT-tholv2k April 5, 2024
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference Patched 4.3 WPScanTeam May 26, 2021
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass Patched CVE-2020-36741 4.3 Jerome Bruandet September 16, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation