cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2025-49916

CVE, Research URL

CVE-2025-49916

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Oct 22, 2025
Research Description
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
Affected versions
max 4.2.23.
Status
vulnerable
Previous vulnerability researches
One Click Accessibility (CVE-2025-32640) , Apr 10, 2025
One Click Accessibility (CVE-2025-10700) , Nov 10, 2025
New vulnerability
AnyComment (CVE-2025-48091) , Nov 10, 2025
AnyComment (CVE-2025-60240) , Nov 10, 2025
Memberlite Shortcodes (CVE-2025-48087) , Nov 10, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps &amp; One (CVE-2025-10567) , Nov 10, 2025
NEX-Forms &#8211; Ultimate Form Builder &#8211; Contact forms and much more (CVE-2025-10185) , Nov 10, 2025