VYPR

Woocommerce Multivendor Marketplace

by Wclovers

CVEs (2)

  • CVE-2026-1722MedFeb 10, 2026
    risk 0.34cvss 5.3epss 0.00

    The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm-refund-requests-form`…

  • CVE-2023-2275MedJun 9, 2023
    risk 0.28cvss 4.3epss 0.00

    The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including,…