Log out
Get PRO

Latest

Input validation vulnerability in MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution 4.2.13

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 24, 2025

The WC Marketplace tool for WordPress has a security issue called Stored Cross-Site Scripting in versions 4.2.13 and below. This happens because the tool does not properly clean or protect the information it receives and displays. This allows people with contributor access or higher to add harmful web scripts to pages, which will run whenever someone visits that page.

Detected in:

MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy fixed vulnerable versions:
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution fixed vulnerable versions:
MultiVendorX – Transforming WooCommerce into Your Dream Marketplace fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor – WooCommerce Marketplace – Build Next Amazon, eBay, Etsy, Airbnb fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor Marketplace Solutions fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.