Cross-Site Scripting Vulnerability in MultiVendorX WC Marketplace
CVE-2025-24706
6.5MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the MultiVendorX WC Marketplace plugin, which allows attackers to store malicious scripts. This vulnerability poses serious security risks as it can lead to unauthorized actions and data leakage by executing arbitrary code in the users' browsers. Affected users should urgently update their plugins to the latest version to mitigate potential exploits.
Affected Version(s)
WC Marketplace <= 4.2.13
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Thaleikis (Patchstack Alliance)