cleantalk
Vulnerabilities and Security Researches

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution, CVE-2024-13519

CVE, Research URL

CVE-2024-13519

Home page URL

Security reports for MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Application

MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution

Published on
Jan 18, 2025
Research Description
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 2.0.0.
Status
vulnerable
Previous vulnerability researches
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2025-58702) , Apr 25, 2026
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2024-12413) , Dec 27, 2024
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution (CVE-2024-13519) , Jan 19, 2025
New vulnerability
SnapWidget Social Photo Feed Widget (CVE-2025-58241) , Apr 25, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2025-59573) , Apr 25, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2025-7721) , Apr 25, 2026
World first Lifetime free Form Builder for WordPress (CVE-2025-58957) , Apr 25, 2026
Ultimate Classified Listings (CVE-2025-9874) , Apr 25, 2026