Description The WC Marketplace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the βmvx_save_dashpagesβ function in versions up to, and including, 4.0.23. This makes it possible for unauthenticated attackers to update the pluginβs settings.