CPE Details
MultiVendorX 4.2.19 for WordPress
4.2.19
2025-06-05
15h54 +00:00
15h54 +00:00
2025-06-05
15h54 +00:00
15h54 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:multivendorx:multivendorx:4.2.19:*:*:*:*:wordpress:*:*
Informations
Vendor
multivendorxProduct
multivendorxVersion
4.2.19Target Software
wordpressRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through 4.2.22. | 7.5 |
Haute |
||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX MultiVendorX allows Stored XSS. This issue affects MultiVendorX: from n/a through 4.2.22. | 6.5 |
Moyen |
||
| The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22. | 4.3 |
Moyen |
||
| The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations. | 6.5 |
Moyen |
