Log out
Get PRO

Latest

Access violation vulnerability in MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution 4.2.4

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 23, 2024

The MultiVendorX plugin for WordPress allows multiple vendors to sell products on a website. However, there is a security vulnerability in all versions up to 4.2.4 that could allow unauthorized changes to be made to data. This is because the plugin does not check for the proper permissions when using the ‘mvx_sent_deactivation_request’ function. As a result, someone with at least Subscriber-level access could potentially send a pre-written email to the site’s administrator, asking them to delete a vendor’s profile.

Detected in:

MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy fixed vulnerable versions:
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution fixed vulnerable versions:
MultiVendorX – Transforming WooCommerce into Your Dream Marketplace fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor – WooCommerce Marketplace – Build Next Amazon, eBay, Etsy, Airbnb fixed vulnerable versions:
MultiVendorX – WooCommerce Multivendor Marketplace Solutions fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.