CVE-2023-34382

Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...

CVE-2023-26525

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own...

CVE-2023-26689

An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request...

CVE-2023-26690

File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...

CVE-2023-26687

Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the productdata parameter in the PDF Add-on...

CVE-2023-2275

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

CVE-2017-17960

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php...

CVE-2017-17952

PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

CVE-2017-17953

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter...

CVE-2017-17959

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter...

CVE-2017-17957

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the mywishlist.php fid parameter...

CVE-2017-17955

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter...

CVE-2025-4101

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'deletefpmproduct' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated...

WordPress plugin MultiVendorX – WooCommerce Multivendor Marketplace Solutions 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in WordPress plugin MultiVendorX -...

CVE-2025-1311

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2025-1311 WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the updatedeliverystatus function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...

WordPress plugin WooCommerce Multivendor Marketplace SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress WooCommerce Multivendor Marketplace – REST API plugin <= 1.6.2 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Multivendor Marketplace – REST API versions = 1.6.2...

WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Bitcoin / AltCoin Payment Gateway for WooCommerce versions = 1.7.6...

PT-2024-39956 · WordPress · Multivendorx

Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue is due to missing or incorrect nonce validation on several functions in...