CVE-2025-0493
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 31, 2025
CWE ID 22
Summary
CVE-2025-0493: The MultiVendorX plugin for WordPress, used in WooCommerce multivendor marketplaces, has a Local File Inclusion vulnerability. Unauthenticated attackers can exploit this issue by manipulating the tabname parameter to include PHP files on the server. This can lead to bypassing access controls, obtaining sensitive data, or executing arbitrary PHP code, posing a significant security risk. Versions up to 4.2.14 are vulnerable.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share