Lucene search
K

13 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-57685

CVE-2026-57685: A Broken Access Control vulnerability exists in WordPress Martfury - WooCommerce Marketplace Theme (versions

4.3CVSS5.8AI score0.00254EPSS
Exploits0References1
Patchstack
Patchstack
added last week7 views

WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability

WordPress Martfury - WooCommerce Marketplace WordPress theme theme = 3.2.8 - Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Martfury - WooCommerce Marketplace WordPress Theme versions = 3.2.8...

4.3CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/27 6:50 a.m.14 views

CVE-2026-11783

The CVE concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. A Stored XSS flaw exists in all versions up to 5.0.4 due to insufficient input sanitization and output escaping of the Product SKU, enabling an authenticated attacker with custom-level access or hig...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References8
CVE
CVE
added 2026/06/27 6:50 a.m.14 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.10 views

PT-2026-53051

Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...

6.4CVSS5.8AI score0.0022EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-49990

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-52383

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00725EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:48 a.m.9 views

CVE-2023-48327

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...

7.6CVSS7.8AI score0.00725EPSS
Exploits0References1
NVD
NVD
added 2025/05/17 1:15 p.m.16 views

CVE-2025-4101

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'deletefpmproduct' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated...

4.3CVSS0.00247EPSS
Exploits0References3
OSV
OSV
added 2025/05/02 6:15 a.m.4 views

CVE-2025-3438

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...

7.3CVSS5.8AI score
Exploits0References5
NVD
NVD
added 2023/12/19 9:15 p.m.18 views

CVE-2023-48327

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...

7.6CVSS0.00725EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.9 views

PT-2023-30787 · Unknown · Wc Vendors – Woocommerce Multi-Vendor +2

Name of the Vulnerable Software and Affected Versions: WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors versions 2.4.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL...

7.6CVSS7.7AI score0.00725EPSS
Exploits0References7
Rows per page
Query Builder