3 matches found
CVE-2022-2657 Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status...
PT-2022-17935 · WordPress · Multivendor Marketplace Solution For Woocommerce
Name of the Vulnerable Software and Affected Versions: Multivendor Marketplace Solution for WooCommerce WordPress plugin versions prior to 3.8.12 Description: The issue is related to a lack of authorization and CSRF protection in multiple AJAX actions. This could allow authenticated users, such a...
Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls
The plugin is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors reporter by the submitter or update arbitrary order status identified by WPScan when verifying the issue for example. Other...