cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2024-5259

CVE, Research URL

CVE-2024-5259

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Jun 06, 2024
Research Description
The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hover_animation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 4.1.12.
Status
vulnerable
Previous vulnerability researches
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2024-43213) , Aug 13, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-24706) , Jan 26, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-0493) , Feb 01, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (f6dac86c56f0b98d1aa8429a04135a51c4e492d5) , Jun 06, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2022-2657) , Jun 06, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025