Cross-Site Scripting Vulnerability in MultiVendorX WC Marketplace
CVE-2025-24706
6.5MEDIUM
What is CVE-2025-24706?
A Cross-Site Scripting (XSS) vulnerability exists in the MultiVendorX WC Marketplace plugin, which allows attackers to store malicious scripts. This vulnerability poses serious security risks as it can lead to unauthorized actions and data leakage by executing arbitrary code in the users' browsers. Affected users should urgently update their plugins to the latest version to mitigate potential exploits.
Affected Version(s)
WC Marketplace <= 4.2.13