Lucene search
K

4 matches found

CVE
CVE
added 2025/12/05 7:26 a.m.11 views

CVE-2025-12130

CVE-2025-12130 concerns the WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors WordPress plugin. Wordfence and NVD indicate a Cross-Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint, al...

4.3CVSS4.9AI score0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/05 7:26 a.m.2 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS4.9AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 7:26 a.m.22 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

4.3CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.6 views

PT-2025-49231

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor dashboard/product/delete/ endpoint...

4.3CVSS5.3AI score0.00102EPSS
Exploits0References3
Rows per page
Query Builder