VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 25 known issues Latest disclosed Jun 12, 2025

MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Vulnerabilities

Review known vulnerability records for the WordPress plugin MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions (`dc-woocommerce-multi-vendor`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-49916, CVE-2025-48261 and CVE-2025-48263, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
25
High or Critical
9
Patch Coverage
100%
Last Updated
Nov 04, 2025
Priority CVE Quick Links

Fast paths into MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
20
CVE-2025-0493 Critical 4.2.15
CVE-2025-0493 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Local File Inclusion

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion

CVE-2024-8289 Critical 4.2.1
CVE-2024-8289 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Privilege Escalation

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover

CVE-2022-2657 High 3.8.12
CVE-2022-2657 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Cross-Site Request Forgery

Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery

CVE-2024-24703 High 4.0.26
CVE-2024-24703 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Vulnerability

MultiVendorX Marketplace <= 4.0.25 - Missing Authorization

CVE-2024-8289 High 4.2.1
CVE-2024-8289 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Vulnerability

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Arbitrary Vendor Deletion

CVE-2023-51355 High 4.0.24
CVE-2023-51355 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Vulnerability

WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages

CVE-2022-2657 High 3.8.12
CVE-2022-2657 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Vulnerability

Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions

CVE-2025-48263 Medium 4.2.23
CVE-2025-48263 MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions Stored Cross-Site Scripting

MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
25 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 7 high severity findings.
Recent CVEs
CVE-2025-49916, CVE-2025-48261 and CVE-2025-48263
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-49916
CVE-2025-49916: MultiVendorX <= 4.2.23 - Missing Authorization

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.2.23. This makes it possible for unauthenticated attackers to perform...

Published
Jun 12, 2025
Patched Release
4.2.24
Affected Versions
Versions up to 4.2.23
Next Step
Update to 4.2.24 or newer if supported.
Open CVE-2025-49916 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-48261
CVE-2025-48261: MultiVendorX <= 4.2.22 - Unauthenticated Information Exposure

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.22. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...

Published
Jun 04, 2025
Patched Release
4.2.23
Affected Versions
Versions up to 4.2.22
Next Step
Update to 4.2.23 or newer if supported.
Open CVE-2025-48261 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-48263
CVE-2025-48263: MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MultiVendorX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published
May 19, 2025
Patched Release
4.2.23
Affected Versions
Versions up to 4.2.22
Next Step
Update to 4.2.23 or newer if supported.
Open CVE-2025-48263 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-4101
CVE-2025-4101: MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion

The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for a...

Published
May 16, 2025
Patched Release
4.2.23
Affected Versions
Versions up to 4.2.22
Next Step
Update to 4.2.23 or newer if supported.
Open CVE-2025-4101 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-2789
CVE-2025-2789: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all ver...

Published
Apr 04, 2025
Patched Release
4.2.20
Affected Versions
Versions up to 4.2.19
Next Step
Update to 4.2.20 or newer if supported.
Open CVE-2025-2789 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-0493
CVE-2025-0493: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include...

Published
Jan 30, 2025
Patched Release
4.2.15
Affected Versions
Versions up to 4.2.14
Next Step
Update to 4.2.15 or newer if supported.
Open CVE-2025-0493 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-24706
CVE-2025-24706: WC Marketplace <= 4.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WC Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

Published
Jan 24, 2025
Patched Release
4.2.14
Affected Versions
Versions up to 4.2.13
Next Step
Update to 4.2.14 or newer if supported.
Open CVE-2025-24706 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-9531
CVE-2024-9531: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This...

Published
Oct 23, 2024
Patched Release
4.2.5
Affected Versions
Versions up to 4.2.4
Next Step
Update to 4.2.5 or newer if supported.
Open CVE-2024-9531 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-9943
CVE-2024-9943: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-re...

Published
Oct 23, 2024
Patched Release
4.2.5
Affected Versions
Versions up to 4.2.4
Next Step
Update to 4.2.5 or newer if supported.
Open CVE-2024-9943 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-8289
CVE-2024-8289: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_chec...

Published
Sep 03, 2024
Patched Release
4.2.1
Affected Versions
Versions up to 4.2.0
Next Step
Update to 4.2.1 or newer if supported.
Open CVE-2024-8289 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-8289
CVE-2024-8289: MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Arbitrary Vendor Deletion

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to arbitrary vendor user deletion due to an insufficient capability check on the delete_item_permissions_check function in all versions up to, and including, 4.2.0. Thi...

Published
Sep 03, 2024
Patched Release
4.2.1
Affected Versions
Versions up to 4.2.0
Next Step
Update to 4.2.1 or newer if supported.
Open CVE-2024-8289 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43213
CVE-2024-43213: WC Marketplace <= 4.1.17 - Reflected Cross-Site Scripting

The WC Marketplace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

Published
Aug 09, 2024
Patched Release
4.2.0
Affected Versions
Versions up to 4.1.17
Next Step
Update to 4.2.0 or newer if supported.
Open CVE-2024-43213 Report Open CVE Reference