CVE-2025-4101

Medium CVSS: 4.3

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.

Vendor

Multivendorx

Product

Multivendorx

CWE

CWE-863

Yayın Tarihi

2025-05-17 13:15:47

Güncelleme

2025-05-28 13:28:20

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-863 Multivendorx MEDIUM Multivendorx 2025

Referanslar

https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/trunk/classes/class-mvx-ajax.php#L982 https://plugins.trac.wordpress.org/changeset/3293832/dc-woocommerce-multi-vendor/trunk/classes/class-mvx-ajax.php?old=3272848&old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1fd517-32ee-429d-9026-512afe117dc5?source=cve

Benzer Kayıtlar

Unknown

CVE-2025-48261

Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor…

Medium

CVE-2025-48263

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX Multi…

Medium

CVE-2025-2789

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay,…

Critical

CVE-2025-0493

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limit…