4 matches found
CVE-2025-12130
CVE-2025-12130 concerns the WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors WordPress plugin. Wordfence and NVD indicate a Cross-Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation on the /vendor_dashboard/product/delete/ endpoint, al...
CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...
CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...
PT-2025-49231
The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendor dashboard/product/delete/ endpoint...