2 matches found
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the updateitempermissionscheck and createitempermissionscheck functions in all...
WordPress WC Marketplace Plugin <= 4.2.0 is vulnerable to Privilege Escalation
Software WC Marketplace Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-8289 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 9025ce00a31d Credits wesley...