Medium severity4.3NVD Advisory· Published Sep 5, 2022· Updated Jun 17, 2026
CVE-2022-2657
CVE-2022-2657
Description
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.8.12
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c600dd04-f6aa-430b-aefb-c4c6d554c41anvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.