3 matches found
CVE-2025-4101
creationtimestamp| type| source ---|---|--- 2025-05-17 17:12:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpf22qmzvq2h...
CVE-2025-4101
CVE-2025-4101 affects MultiVendorX – WooCommerce Multivendor Marketplace Solutions (WordPress plugin). The root cause is a misconfigured capability check in the delete_fpm_product function, allowing authenticated users with Contributor+ privileges to delete arbitrary posts, pages, attachments and...
CVE-2025-4101 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'deletefpmproduct' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated...