cleantalk
Vulnerabilities and Security Researches

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution, CVE-2024-12413

CVE, Research URL

CVE-2024-12413

Home page URL

Security reports for MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Application

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Published on
Dec 25, 2024
Research Description
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00. This makes it possible for unauthenticated attackers to delete users, update settings, approve users, and more.
Affected versions
max 2.0.25.
Status
vulnerable
Previous vulnerability researches
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2025-58702) , Apr 25, 2026
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2024-12413) , Dec 27, 2024
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2024-13519) , Jan 19, 2025
New vulnerability
SnapWidget Social Photo Feed Widget (CVE-2025-58241) , Apr 25, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2025-59573) , Apr 25, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2025-7721) , Apr 25, 2026
World first Lifetime free Form Builder for WordPress (CVE-2025-58957) , Apr 25, 2026
Ultimate Classified Listings (CVE-2025-9874) , Apr 25, 2026