VYPR
Medium severity4.3NVD Advisory· Published Jun 9, 2023· Updated Apr 8, 2026

CVE-2023-2275

CVE-2023-2275

Description

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:wclovers:woocommerce_multivendor_marketplace:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:wclovers:woocommerce_multivendor_marketplace:*:*:*:*:*:wordpress:*:*range: <=1.5.3
    • (no CPE)range: <=1.5.3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.