cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2025-0493

CVE, Research URL

CVE-2025-0493

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Jan 31, 2025
Research Description
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included
Affected versions
Min -, max 4.2.15.
Status
vulnerable
Previous vulnerability researches
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2024-43213) , Aug 13, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-24706) , Jan 26, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2025-0493) , Feb 01, 2025
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (f6dac86c56f0b98d1aa8429a04135a51c4e492d5) , Jun 06, 2024
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution (CVE-2022-2657) , Jun 06, 2024
New vulnerability
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025