CVE-2025-48263

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiVendorX: from n/a through = 4.2.22...

CVE-2025-48263

CVE-2025-48263 describes a Stored Cross-Site Scripting (XSS) in MultiVendorX up to version 4.2.22, caused by improper input neutralization during web page generation. Public sources (NVD, PatchStack, CVE lists) confirm the flaw and assign a medium severity (CVSS 3.1 around 5.4–6.5), with no expli...

CVE-2025-48263 WordPress MultiVendorX plugin <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Stored XSS.This issue affects MultiVendorX: from n/a through = 4.2.22...

CVE-2025-4101

CVE-2025-4101 affects MultiVendorX – WooCommerce Multivendor Marketplace Solutions (WordPress plugin). The root cause is a misconfigured capability check in the delete_fpm_product function, allowing authenticated users with Contributor+ privileges to delete arbitrary posts, pages, attachments and...

CVE-2025-2789

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletetablerateshippingrow function in all versions up to, and...

CVE-2025-2789 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletetablerateshippingrow function in all versions up to, and...

CVE-2025-0493

The CVE-2025-0493 entry concerns the WordPress plugin MultiVendorX (The Ultimate WooCommerce Multivendor Marketplace Solution) with a Limited Local File Inclusion (LFI) vulnerability via the tabname parameter. Affected versions are all up to and including 4.2.14, and exploitation is possible with...

CVE-2023-51355 WordPress MultiVendorX plugin <= 4.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiVendorX: from n/a through = 4.0.23...

WordPress Plugin MultiVendorX 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...