CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

CVE-2026-39546

This CVE concerns the WordPress plugin MultiLoca (WooCommerce Multi-Locations Inventory Management) up to version 4.2.15, with a Subscriber Privilege Escalation vulnerability. The vulnerability is described as enabling a subscriber to escalate privileges, indicating a potential elevation from a l...

EUVD-2025-30956

Malicious code in bioql PyPI...

WordPress MultiLoca - WooCommerce Multi Locations Inventory Management plugin <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler' vulnerability

WordPress MultiLoca - WooCommerce Multi Locations Inventory Management plugin = 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlimsettingsajaxhandler' vulnerability discovered by Thái An in WordPress Plugin MultiLoca versions = 4.2.8...

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-13341

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-13341 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2024-13341

CVE-2024-13341 affects the WordPress plugin “MultiLoca - WooCommerce Multi Locations Inventory Management” (WordPress/WooCommerce). The vulnerability is a SQL Injection via the data-id parameter in all versions up to and including 4.1.11, caused by insufficient escaping and unsafe handling of the...

CVE-2024-13341 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...