The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged requ...
4.3CVSS
4.2AI Score
0.002EPSS
Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.1.3.
8.8CVSS
6.9AI Score
0.001EPSS
The MultiVendorX Marketplace β WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βhover_animationβ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it po...
6.4CVSS
6.1AI Score
0.001EPSS
The MultiVendorX β The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all ...
9.8CVSS
9.5AI Score
0.001EPSS