vulnerability
WordPress Plugin: dc-woocommerce-multi-vendor: CVE-2025-0493: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jan 30, 2025 | May 15, 2025 | Jun 24, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 30, 2025
Added
May 15, 2025
Modified
Jun 24, 2025
Description
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included
Solution
dc-woocommerce-multi-vendor-plugin-cve-2025-0493
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.