cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2025-49916

CVE, Research URL

CVE-2025-49916

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Oct 22, 2025
Research Description
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
Affected versions
max 4.2.23.
Status
vulnerable
Previous vulnerability researches
Schema &amp; Structured Data for WP &amp; AMP (CVE-2024-49683) , Oct 25, 2024
Schema &amp; Structured Data for WP &amp; AMP (CVE-2025-11502) , Nov 10, 2025
Schema &amp; Structured Data for WP &amp; AMP (CVE-2025-9512) , Oct 11, 2025
Schema &amp; Structured Data for WP &amp; AMP (CVE-2024-1586) , Jun 07, 2024
Schema &amp; Structured Data for WP &amp; AMP (CVE-2023-51677) , Jun 07, 2024
New vulnerability
NEX-Forms &#8211; Ultimate Form Builder &#8211; Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
Auto Login After Registration (CVE-2025-49946) , Nov 10, 2025
Trinity Audio &#8211; Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Multi Item Responsive Slider (CVE-2025-11992) , Nov 10, 2025
Restrict User Registration (CVE-2023-53599) , Nov 10, 2025