cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2024-8289

CVE, Research URL

CVE-2024-8289

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Sep 04, 2024
Research Description
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role.
Affected versions
Min -, max 4.2.1.
Status
vulnerable
Previous vulnerability researches
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2024-43213) , Aug 13, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-24706) , Jan 26, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-0493) , Feb 01, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (f6dac86c56f0b98d1aa8429a04135a51c4e492d5) , Jun 06, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2022-2657) , Jun 06, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025