Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wcmp — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting wcmp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WCMP is a WordPress plugin for creating custom post types and managing content, widely used for enhancing website functionality. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, with eight CVEs documented. The plugin's complex architecture and extensive permissions have made it a target for attackers. Notable security characteristics include insufficient input validation and inadequate access controls, which have led to several high-severity incidents. In 2021, a critical vulnerability allowed unauthenticated attackers to execute arbitrary code, affecting thousands of websites. Despite patches, ongoing security concerns persist due to the plugin's broad deployment and frequent updates.

Top products by wcmp: MultiVendorX – WooCommerce Multivendor Marketplace Solutions
CVE IDTitleCVSSSeverityPublished
CVE-2025-4101 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-863 4.3 Medium2025-05-17
CVE-2025-2789 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 5.3 Medium2025-04-05
CVE-2025-0493 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-22 9.8 Critical2025-01-31
CVE-2024-9943 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-352 6.3 Medium2024-10-24
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-285 4.3 Medium2024-10-24
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 9.8 Critical2024-09-04
CVE-2024-5259 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-79 6.4 Medium2024-06-06
CVE-2020-36741 MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-352 4.3 Medium2023-07-01

This page lists every published CVE security advisory associated with wcmp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.