cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2024-9531

CVE, Research URL

CVE-2024-9531

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Oct 24, 2024
Research Description
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send a canned email to the site's administrator asking to delete the profile of an arbitrary vendor.
Affected versions
Min -, max 4.2.5.
Status
vulnerable
Previous vulnerability researches
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2024-43213) , Aug 13, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-24706) , Jan 26, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-0493) , Feb 01, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (f6dac86c56f0b98d1aa8429a04135a51c4e492d5) , Jun 06, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2022-2657) , Jun 06, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025