4 matches found
CVE-2024-9531
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvxsentdeactivationrequest' function in all versions up to, and including, 4.2.4. This makes it possible f...
PT-2024-39681 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress versions up to, and including, 4.2.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to send a canned...
WordPress MultiVendorX plugin <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending vulnerability
Missing Authorization to Forged Vendor Profile Deletion Email Sending vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin MultiVendorX versions = 4.2.4...