Log out
Get PRO

Latest

Access violation vulnerability in MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution 4.2.0

  • Severity: high-risk
  • Status: Fixed
  • Publication: September 3, 2024

A popular plugin for WordPress called MultiVendorX has a security issue that allows people to delete vendor accounts without proper authorization. This means that anyone, even those without an account, can delete important users with the “vendor” role. It can also be used with another vulnerability to delete administrator accounts.

Detected in:

MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy fixed vulnerable versions:
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution fixed vulnerable versions:
MultiVendorX – Transforming WooCommerce into Your Dream Marketplace fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor – WooCommerce Marketplace – Build Next Amazon, eBay, Etsy, Airbnb fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor Marketplace Solutions fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.