CVE-2025-2789

Medium CVSS: 5.3

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.

Vendor

Multivendorx

Product

Multivendorx

CWE

CWE-862

Yayın Tarihi

2025-04-05 06:15:39

Güncelleme

2025-06-04 22:26:48

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Multivendorx MEDIUM Multivendorx 2025

Referanslar

https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L211 https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L78 https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve

Benzer Kayıtlar

Unknown

CVE-2025-48261

Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor…

Medium

CVE-2025-48263

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX Multi…

Medium

CVE-2025-4101

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss…

Critical

CVE-2025-0493

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limit…