Unauthorized Data Deletion in MultiVendorX WooCommerce Plugin for WordPress
CVE-2025-2789
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 5 April 2025
What is CVE-2025-2789?
The MultiVendorX plugin for WooCommerce contains a vulnerability that permits unauthorized users to delete critical shipping rate data due to a missing capability check in the delete_table_rate_shipping_row function. This oversight can negatively affect shipping calculations, leading to possible disruptions in order processing and fulfillment for eCommerce platforms utilizing this plugin. Affected versions are up to and including 4.2.19.
Affected Version(s)
MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy * <= 4.2.19