Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wcmp — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting wcmp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WCMP is a WordPress plugin for creating custom post types and managing content, widely used for enhancing website functionality. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, with eight CVEs documented. The plugin's complex architecture and extensive permissions have made it a target for attackers. Notable security characteristics include insufficient input validation and inadequate access controls, which have led to several high-severity incidents. In 2021, a critical vulnerability allowed unauthenticated attackers to execute arbitrary code, affecting thousands of websites. Despite patches, ongoing security concerns persist due to the plugin's broad deployment and frequent updates.

Found 8 results / 8Clear Filters
Top products by wcmp: MultiVendorX – WooCommerce Multivendor Marketplace Solutions
CVE IDTitleCVSSSeverityPublished
CVE-2025-4101 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-863 4.3 Medium2025-05-17
CVE-2025-2789 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 5.3 Medium2025-04-05
CVE-2025-0493 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-22 9.8 Critical2025-01-31
CVE-2024-9943 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-352 6.3 Medium2024-10-24
CVE-2024-9531 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-285 4.3 Medium2024-10-24
CVE-2024-8289 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-862 9.8 Critical2024-09-04
CVE-2024-5259 MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-79 6.4 Medium2024-06-06
CVE-2020-36741 MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass — MultiVendorX – WooCommerce Multivendor Marketplace SolutionsCWE-352 4.3 Medium2023-07-01

This page lists every published CVE security advisory associated with wcmp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.