13 matches found
CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2026-57685
CVE-2026-57685: A Broken Access Control vulnerability exists in WordPress Martfury - WooCommerce Marketplace Theme (versions
WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability
WordPress Martfury - WooCommerce Marketplace WordPress theme theme = 3.2.8 - Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Martfury - WooCommerce Marketplace WordPress Theme versions = 3.2.8...
CVE-2026-11783
The CVE concerns the Dokan: AI Powered WooCommerce Multivendor Marketplace Solution for WordPress. A Stored XSS flaw exists in all versions up to 5.0.4 due to insufficient input sanitization and output escaping of the Product SKU, enabling an authenticated attacker with custom-level access or hig...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution (WordPress) up to version 5.0.4 is vulnerable to Insecure Direct Object Reference via the id parameter due to missing validation on a user‑controlled key. Authenticated attackers with subscriber+ access can read other vendors’ pro...
PT-2026-53051
Name of the Vulnerable Software and Affected Versions Dokan: AI Powered WooCommerce Multivendor Marketplace Solution versions prior to 5.0.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with custom-level access ...
EUVD-2024-49990
Malicious code in bioql PyPI...
EUVD-2023-52383
Malicious code in bioql PyPI...
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...
CVE-2025-4101
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'deletefpmproduct' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated...
CVE-2025-3438
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to...
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...
PT-2023-30787 · Unknown · Wc Vendors – Woocommerce Multi-Vendor +2
Name of the Vulnerable Software and Affected Versions: WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors versions 2.4.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL...