MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Information

Software Type Plugin
Software Slug dc-woocommerce-multi-vendor (view on wordpress.org)
Software Status Active
Software Author wcmp
Software Website multivendorx.com
Software Downloads 819,680
Software Active Installs 5,000
Software Record Last Updated July 26, 2024

13 Vulnerabilities

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter
6.4
CVE-2024-5259
Jun 5, 2024
Researcher: stealthcopter
WC Marketplace <= 4.1.3 - Missing Authorization
4.3
CVE-2024-31304
Apr 5, 2024
Researcher: LVT-tholv2k
WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-30433
Mar 28, 2024
Researcher: LVT-tholv2k
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization
8.6
CVE-2024-24703
Jan 31, 2024
Researcher: Le Ngoc Anh
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages
7.5
CVE-2023-51355
Dec 26, 2023
Researcher: thiennv
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission'
8.6
CVE ID Unknown
Sep 12, 2023
Researchers:
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion
8.2
CVE ID Unknown
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions
7.3
CVE-2022-2657
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery
8.8
CVE-2022-2657
Aug 4, 2022
Researcher: moumitahalder
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Dec 6, 2021
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference
4.3
CVE ID Unknown
May 26, 2021
Researcher: WPScanTeam
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass
4.3
CVE-2020-36741
Sep 16, 2020
Researcher: Jerome Bruandet
Title Status CVE ID CVSS Researchers Date
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter Patched CVE-2024-5259 6.4 stealthcopter June 5, 2024
WC Marketplace <= 4.1.3 - Missing Authorization Patched CVE-2024-31304 4.3 LVT-tholv2k April 5, 2024
WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-30433 6.4 LVT-tholv2k March 28, 2024
MultiVendorX Marketplace <= 4.0.25 - Missing Authorization Patched CVE-2024-24703 8.6 Le Ngoc Anh January 31, 2024
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages Patched CVE-2023-51355 7.5 thiennv December 26, 2023
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission' Patched 8.6 September 12, 2023
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting Patched 6.1 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion Patched 8.2 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions Patched CVE-2022-2657 7.3 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery Patched CVE-2022-2657 8.8 moumitahalder August 4, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting Patched 6.1 WPScanTeam December 6, 2021
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference Patched 4.3 WPScanTeam May 26, 2021
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass Patched CVE-2020-36741 4.3 Jerome Bruandet September 16, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation