2 matches found
CVE-2025-9054 MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Options Update via 'wcmlim_settings_ajax_handler'
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlimsettingsajaxhandler' function in all versions up to, and including, 4.2.8...
CVE-2025-9054
CVE-2025-9054 affects the MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress. The issue is unauthorized modification of data due to a missing capability check in the wcmlim_settings_ajax_handler, impacting all versions up to 4.2.8. This allows unauthenticated attack...