High 8.6
2025-10-22< 4.2.24
CVE-2025-49916
MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions
Minimum safe version
4.2.24
Update to 4.2.24 or later to address 36 fixable vulnerabilities
Latest available5.0.4 ✓
High 7.5
2025-06-09< 4.2.23
CVE-2025-48261
Medium 5.4
2025-05-19< 4.2.23
CVE-2025-48263
Medium 4.3
2025-05-17< 4.2.23
MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion
Medium 5.3
2025-04-05< 4.2.20
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion
Critical 9.8
2025-01-31< 4.2.15
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion
Medium 6.5
2025-01-24< 4.2.14
CVE-2025-24706
Medium 4.3
2024-10-24< 4.2.5
CVE-2024-9531
Medium 6.3
2024-10-24< 4.2.5
CVE-2024-9943
Critical 9.8
2024-09-04< 4.2.1
CVE-2024-8289
High 7.1
2024-08-12< 4.2.0
CVE-2024-43213
Medium 5.4
2024-06-06< 4.1.12
CVE-2024-5259
High 8.8
2024-06-09< 4.1.4
CVE-2024-31304
Medium 6.5
2024-03-29< 4.1.4
CVE-2024-30433
High 8.6
2024-06-11< 4.0.26
CVE-2024-24703
N/A
< 4.0.26
MultiVendorX < 4.0.26 - Improper Authorization on REST Routes via 'save_settings_permission'
High 8.2
2024-12-26< 4.0.24
WordPress WC Marketplace Plugin <= 4.0.23 is vulnerable to Broken Access Control
N/A
2023-09-12< 4.0.26
MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via 'save_settings_permission'
Medium 4.3
2023-07-01< 3.5.8
CVE-2020-36741
N/A
< 3.5.8
Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass
N/A
2021-05-26< 3.7.4
Multivendor Marketplace Solution for WooCommerce <= 3.7.3 - Insecure Direct Object Reference
N/A
2021-12-06< 3.8.4
Multivendor Marketplace Solution for WooCommerce – WC Marketplace < 3.8.4 - Reflected Cross-Site Scripting
N/A
2022-08-15< 3.8.12
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Local File Inclusion
N/A
2022-08-15< 3.8.12
Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Reflected Cross-Site Scripting
N/A
< 3.7.4
Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment
N/A
< 3.8.4
Multivendor Marketplace Solution for WooCommerce < 3.8.4 - Reflected Cross-Site Scripting
N/A
< 3.8.12
Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthenticated LFI
N/A
< 3.8.12
Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Multiple Reflected Cross-Site Scripting
N/A
< 3.7.4
CSRF Bypass in Multiple Plugins
N/A
2022-08-15< 3.18.2
WordPress WC Marketplace Plugin <= 3.8.11.8 - Reflected Cross-Site Scripting vulnerability
N/A
2022-08-15< 3.8.12
WordPress WC Marketplace Plugin <= 3.8.11.8 - Unauthenticated Local File Inclusion (LFI) vulnerability
Medium 4.3
2022-09-05< 3.8.12
CVE-2022-2657
N/A
2020-09-16< 3.5.8
WordPress WC Marketplace plugin <= 3.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2021-05-26< 3.7.4
WordPress WC Marketplace plugin <= 3.7.3 - Unauthenticated Arbitrary Product Comment Posting vulnerability
N/A
2021-06-08< 3.7.4
WordPress WC Marketplace plugin <= 3.7.3 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2021-12-06< 3.8.5
WordPress WC Marketplace plugin <= 3.8.4 - Reflected Cross-Site Scripting (XSS) vulnerability