Access Control Flaw in MultiVendorX Plugin by WordPress
CVE-2025-49916
8.6HIGH
What is CVE-2025-49916?
The MultiVendorX plugin for WordPress contains a missing authorization issue that allows users to access functionality that should be restricted. This vulnerability primarily affects versions of the plugin up to and including 4.2.23, enabling unauthorized users to bypass access control lists (ACLs) and potentially exploit the affected website. It is crucial for website administrators to update to the latest version and apply necessary security measures to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MultiVendorX <= n/a
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)