CVE-2025-0493

Critical CVSS: 9.8

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included

Vendor

Multivendorx

Product

Multivendorx

CWE

CWE-22

Yayın Tarihi

2025-01-31 05:15:10

Güncelleme

2025-05-23 16:10:39

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-22 Multivendorx CRITICAL Multivendorx 2025

Referanslar

https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.14/classes/class-mvx-ajax.php#L661 https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.15/classes/class-mvx-ajax.php#L661 https://www.wordfence.com/threat-intel/vulnerabilities/id/812029d9-95d6-4bc9-98b2-700f462163b3?source=cve

Benzer Kayıtlar

Unknown

CVE-2025-48261

Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor…

Medium

CVE-2025-48263

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX Multi…

Medium

CVE-2025-4101

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss…

Medium

CVE-2025-2789

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay,…