CVE-2025-0493

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 31, 2025
CWE ID 22

Summary

CVE-2025-0493: The MultiVendorX plugin for WordPress, used in WooCommerce multivendor marketplaces, has a Local File Inclusion vulnerability. Unauthenticated attackers can exploit this issue by manipulating the tabname parameter to include PHP files on the server. This can lead to bypassing access controls, obtaining sensitive data, or executing arbitrary PHP code, posing a significant security risk. Versions up to 4.2.14 are vulnerable.
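A defensive pattern for the class of bug described above, where a request parameter such as tabname selects a PHP file to include. This is an added example, not MultiVendorX code or its actual patch; the function name, tab slugs and template directory are hypothetical.

```php
<?php
// Hypothetical names throughout: resolve_tab_template(), the tab slugs and the
// template directory are assumptions, not taken from the MultiVendorX code base.

const ALLOWED_TABS = ['general', 'payments', 'shipping']; // constructed slugs

function resolve_tab_template(string $tabname, string $templateDir): ?string
{
    // 1. Allow-list: only known slugs are ever turned into a file path.
    if (!in_array($tabname, ALLOWED_TABS, true)) {
        return null;
    }
    // 2. Defence in depth: canonicalise, then confirm the result is still
    //    inside the template directory (realpath() is false if the file is missing).
    $base = realpath($templateDir);
    $path = realpath($templateDir . DIRECTORY_SEPARATOR . $tabname . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path; // safe to pass to include
}

// Constructed demo: a temporary template directory holding one legitimate tab.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tabs_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'general.php', "<?php echo 'general tab';\n");

// Constructed inputs: one valid slug, then values the resolver must refuse.
foreach (['general', '../general', 'general/../../x', 'unknown', ''] as $input) {
    $resolved = resolve_tab_template($input, $dir);
    printf(
        "%-20s => %s\n",
        var_export($input, true),
        $resolved === null ? 'rejected' : 'include ' . basename($resolved)
    );
}

unlink($dir . DIRECTORY_SEPARATOR . 'general.php');
rmdir($dir);
```

Only `general` resolves to a file. Every other input is refused before any `include` could run, and the containment check still applies if the allow-list is later widened.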
