Lucene search
K

CVE-2022-2657

šŸ—“ļøĀ 05 Sep 2022Ā 12:35:22Reported byĀ WPScanTypeĀ 
cve
Ā cve
šŸ”—Ā web.nvd.nist.govšŸ“°ļøĀ 4Ā Media mentionsšŸ‘Ā 64Ā Views🌐 WEB

The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-2657
5 Sep 202213:15
–attackerkb
Circl
CVE-2022-2657
5 Sep 202216:12
–circl
CNNVD
WordPress plugin WooCommerce å®‰å…Øę¼ę“ž
5 Sep 202200:00
–cnnvd
Cvelist
CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls
5 Sep 202212:35
–cvelist
EUVD
EUVD-2022-34903
3 Oct 202520:07
–euvd
NVD
CVE-2022-2657
5 Sep 202213:15
–nvd
OSV
CVE-2022-2657
5 Sep 202213:15
–osv
Patchstack
WordPress WC Marketplace Plugin <= 3.8.11.8 - Unauthorized AJAX Calls Vulnerability
15 Aug 202200:00
–patchstack
Prion
Cross site request forgery (csrf)
5 Sep 202213:15
–prion
Positive Technologies
PT-2022-17935 Ā· WordPress Ā· Multivendor Marketplace Solution For Woocommerce
5 Sep 202200:00
–ptsecurity
Rows per page
[
  {
    "product": "Multivendor Marketplace Solution for WooCommerce – WC Marketplace",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.8.12",
        "status": "affected",
        "version": "3.8.12",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
user_idrequest body/wp-admin/admin-ajax.php?action=wcmp_suspend_vendorUnauthenticated/CSRF-prone AJAX action to suspend a vendor via wcmp_suspend_vendor.CWE-862,Ā CWE-352
redirectrequest body/wp-admin/admin-ajax.php?action=wcmp_suspend_vendorUnauthenticated/CSRF-prone AJAX action to suspend a vendor via wcmp_suspend_vendor.CWE-862,Ā CWE-352
order_idrequest body/wp-admin/admin-ajax.php?action=wcmp_order_status_changedUnauthenticated/CSRF-prone AJAX action to change order status via wcmp_order_status_changed.CWE-862,Ā CWE-352
selected_statusrequest body/wp-admin/admin-ajax.php?action=wcmp_order_status_changedUnauthenticated/CSRF-prone AJAX action to change order status via wcmp_order_status_changed.CWE-862,Ā CWE-352

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:42Current
4.8Medium risk
Vulners AI Score4.8
CVSS 3.14.3
EPSS0.00265
64