cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9943,https://securityvulnerability.io/vulnerability/CVE-2024-9943,MultiVendorX plugin vulnerable to Cross-Site Request Forgery,"The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in several functions of the api/class-mvx-rest-controller.php file. This flaw allows unauthenticated attackers to manipulate vendor account information and hinder user management processes. By tricking a site administrator into executing a forged request, attackers might update vendor account details, create new vendor accounts, and even delete arbitrary users. It is crucial for users of this plugin to apply the necessary updates to prevent potential exploitation.",Wordpress,Multivendorx – The Ultimate WooCommerce Multivendor Marketplace Solution,6.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-24T07:35:57.226Z,0
CVE-2024-9531,https://securityvulnerability.io/vulnerability/CVE-2024-9531,Unauthorized Data Modification Vulnerability in MultiVendorX Plugin,"The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send a canned email to the site's administrator asking to delete the profile of an arbitrary vendor.",Wordpress,Multivendorx – The Ultimate WooCommerce Multivendor Marketplace Solution,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-24T07:35:55.646Z,0
CVE-2024-8289,https://securityvulnerability.io/vulnerability/CVE-2024-8289,Ultimate Multivendor Marketplace Plugin Vulnerable to Privilege Escalation and Account Takeover,"The MultiVendorX plugin for WordPress enables users to manage multi-vendor marketplaces but suffers from vulnerabilities that allow for privilege escalation and account takeover. Specifically, insufficient capability checks in the update_item_permissions_check and create_item_permissions_check functions enable unauthenticated attackers to manipulate user accounts. Attackers can change the passwords of any user with a vendor role, create new users with vendor privileges, and demote existing users, including administrators, to the vendor role. This behavior presents a significant security risk for all users of the plugin prior to version 4.2.0.",Wordpress,Multivendorx – The Ultimate WooCommerce Multivendor Marketplace Solution,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-09-04T08:30:38.531Z,0