cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2024-9943

CVE, Research URL

CVE-2024-9943

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Oct 24, 2024
Research Description
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php. This makes it possible for unauthenticated attackers to update vendor account details, create vendor accounts, and delete arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 4.2.5.
Status
vulnerable
Previous vulnerability researches
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2024-43213) , Aug 13, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-24706) , Jan 26, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-0493) , Feb 01, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (f6dac86c56f0b98d1aa8429a04135a51c4e492d5) , Jun 06, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2022-2657) , Jun 06, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025