Vulnerabilities in wcmp
8 resultsCVE-2024-8289CRITICALMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account TakeoverEPSS 1.3%CVE-2025-0493CRITICALMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File InclusionEPSS 1.0%CVE-2020-36741MEDIUMMultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery BypassEPSS 0.3%CVE-2024-9531MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email SendingEPSS 0.3%CVE-2024-5259MEDIUMMultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation ParameterEPSS 0.3%CVE-2025-2789MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates DeletionEPSS 0.3%CVE-2025-4101MEDIUMMultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post DeletionEPSS 0.2%CVE-2024-9943MEDIUMMultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor UpdatesEPSS 0.2%