MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Information

Software Type Plugin
Software Slug dc-woocommerce-multi-vendor (view on wordpress.org)
Software Status Active
Software Author wcmp
Software Website multivendorx.com
Software Downloads 801,753
Software Active Installs 6,000
Software Record Last Updated May 2, 2024

12 Vulnerabilities

WC Marketplace <= 4.1.3 - Missing Authorization
4.3
CVE-2024-31304
Apr 5, 2024
Researcher: LVT-tholv2k
WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-30433
Mar 28, 2024
Researcher: LVT-tholv2k
MultiVendorX Marketplace <= 4.1.2 - Missing Authorization
8.6
CVE-2024-24703
Jan 31, 2024
Researcher: Le Ngoc Anh
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages
7.5
CVE-2023-51355
Dec 26, 2023
Researcher: thiennv
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission'
8.6
CVE ID Unknown
Sep 12, 2023
Researchers:
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion
8.2
CVE ID Unknown
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions
7.3
CVE-2022-2657
Aug 15, 2022
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery
8.8
CVE-2022-2657
Aug 4, 2022
Researcher: moumitahalder
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Dec 6, 2021
Researcher: WPScanTeam
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference
4.3
CVE ID Unknown
May 26, 2021
Researcher: WPScanTeam
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass
4.3
CVE-2020-36741
Sep 16, 2020
Researcher: Jerome Bruandet
Title CVE ID CVSS Researchers Date
WC Marketplace <= 4.1.3 - Missing Authorization CVE-2024-31304 4.3 LVT-tholv2k April 5, 2024
WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-30433 6.4 LVT-tholv2k March 28, 2024
MultiVendorX Marketplace <= 4.1.2 - Missing Authorization CVE-2024-24703 8.6 Le Ngoc Anh January 31, 2024
WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages CVE-2023-51355 7.5 thiennv December 26, 2023
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission' 8.6 September 12, 2023
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting 6.1 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion 8.2 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions CVE-2022-2657 7.3 WPScanTeam August 15, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery CVE-2022-2657 8.8 moumitahalder August 4, 2022
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting 6.1 WPScanTeam December 6, 2021
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference 4.3 WPScanTeam May 26, 2021
MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass CVE-2020-36741 4.3 Jerome Bruandet September 16, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation