cleantalk
Vulnerabilities and Security Researches

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution, CVE-2025-2789

CVE, Research URL

CVE-2025-2789

Home page URL

Security reports for MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Application

MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution

Published on
Apr 05, 2025
Research Description
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.
Affected versions
Min -, max 4.2.20.
Status
vulnerable
Previous vulnerability researches
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-45066) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2016-11000) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2018-20968) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2023-2487) , Jun 07, 2024
Export All Posts, Products, Orders, Refunds & Users (CVE-2024-12315) , Feb 16, 2025
New vulnerability
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links (CVE-2025-1264) , Apr 07, 2025
Advanced All in One Admin Search by WP Spotlight (CVE-2025-32261) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025
Salon booking system (CVE-2025-32220) , Apr 06, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-32257) , Apr 06, 2025